Skip to content

Add Log Lint Test to Prevent Data Value Leakage in TiDB Logs When Log Redaction is Enabled #59697

New issue
New issue
Open
Open
Add Log Lint Test to Prevent Data Value Leakage in TiDB Logs When Log Redaction is Enabled#59697
Labels
type/enhancementThe issue or PR belongs to an enhancement.
@HaoW30

Description

@HaoW30
HaoW30
opened on Feb 21, 2025

Enhancement

Description:
When log.redaction-enabled is set to true, TiDB should ensure that sensitive user data is not logged. However, there is currently no automated test to enforce this guarantee and detect accidental data leakage in logs. To improve security and compliance, I propose adding a log lint test to validate that TiDB logs do not contain raw data values when log redaction is enabled.

Related Issue:

#59279 - Existing discussion on potential log data leakage.

Proposal:

  1. Develop a log lint test as part of TiDB’s CI/CD pipeline to scan logs when log.redaction-enabled=true.
  2. Define a rule set to detect sensitive data patterns (e.g., SQL literals, raw query parameters, user-provided values).
  3. Ensure logs comply with redaction expectations by verifying placeholders (?) are used instead of actual values.
  4. Fail the test if data leakage is detected, ensuring regressions do not occur in future releases.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    type/enhancementThe issue or PR belongs to an enhancement.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions