Skip to content

CHORE: align connection string sanitizer with its documented key masking#653

Merged
bewithgaurav merged 3 commits into
mainfrom
bewithgaurav/sanitizer-mask-password-key
Jul 2, 2026
Merged

CHORE: align connection string sanitizer with its documented key masking#653
bewithgaurav merged 3 commits into
mainfrom
bewithgaurav/sanitizer-mask-password-key

Conversation

@bewithgaurav

@bewithgaurav bewithgaurav commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Work Item / Issue Reference

Fixed AB#46030


Summary

sanitize_connection_string documents masking of the PWD and Password keys, but
_SENSITIVE_KEYS only listed pwd, so the Password synonym passed through unmasked.
this adds password to _SENSITIVE_KEYS so the implementation matches its documented
behavior, plus regression tests for password / Password / PASSWORD and a braced value.

sanitize_connection_string documents masking of the PWD and Password keys, but _SENSITIVE_KEYS only listed pwd, so the password synonym passed through unmasked. add password to _SENSITIVE_KEYS so the implementation matches the docstring, and add regression tests covering password / Password / PASSWORD and a braced value.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions Bot added the pr-size: small Minimal code update label Jun 30, 2026
Comment thread tests/test_007_logging.py Dismissed
Comment thread tests/test_007_logging.py Dismissed
Comment thread tests/test_007_logging.py Dismissed
Comment thread tests/test_007_logging.py Dismissed
Comment thread tests/test_007_logging.py Dismissed
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown

📊 Code Coverage Report

🔥 Diff Coverage

100%


🎯 Overall Coverage

80%


📈 Total Lines Covered: 6746 out of 8334
📁 Project: mssql-python


Diff Coverage

Diff: main...HEAD, staged and unstaged changes

  • mssql_python/connection_string_parser.py (100%)

Summary

  • Total: 1 line
  • Missing: 0 lines
  • Coverage: 100%

📋 Files Needing Attention

📉 Files with overall lowest coverage (click to expand)
mssql_python.pybind.logger_bridge.cpp: 59.2%
mssql_python.pybind.ddbc_bindings.h: 59.9%
mssql_python.pybind.logger_bridge.hpp: 70.8%
mssql_python.pybind.connection.connection.cpp: 76.2%
mssql_python.pybind.ddbc_bindings.cpp: 76.3%
mssql_python.row.py: 76.9%
mssql_python.__init__.py: 77.3%
mssql_python.ddbc_bindings.py: 79.6%
mssql_python.logging.py: 85.5%
mssql_python.connection.py: 85.6%

🔗 Quick Links

⚙️ Build Summary 📋 Coverage Details

View Azure DevOps Build

Browse Full Coverage Report

@bewithgaurav bewithgaurav marked this pull request as ready for review June 30, 2026 06:48
Copilot AI review requested due to automatic review settings June 30, 2026 06:48

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aligns sanitize_connection_string behavior with its documented contract by ensuring the Password synonym is treated as sensitive and masked, and adds regression tests to cover common password casings and braced values.

Changes:

  • Add "password" to the sanitizer’s _SENSITIVE_KEYS set so Password= values are masked.
  • Add tests covering password / Password / PASSWORD and a braced password value containing semicolons.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
mssql_python/connection_string_parser.py Expands sensitive key masking to include password alongside pwd.
tests/test_007_logging.py Adds regression tests for password synonym masking, casing variants, and braced values.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/test_007_logging.py
Comment thread tests/test_007_logging.py
Comment thread tests/test_007_logging.py
Copilot AI and others added 2 commits June 30, 2026 12:23
…t absence

address review feedback: the password synonym tests asserted only that the secret substring was absent, which would also pass under full-redaction fallback. assert password=*** is present and that the output did not fall back to the redacted placeholder.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@bewithgaurav bewithgaurav merged commit c91a600 into main Jul 2, 2026
29 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pr-size: small Minimal code update

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants