From c6741fb537a5e4bf4280c20f59e9cd1b9d7e7d30 Mon Sep 17 00:00:00 2001 From: Florian Kisser Date: Thu, 7 Aug 2014 12:33:03 +0200 Subject: [PATCH] [FIX] sql_db: don't log dsn with unmasked passwords The dsn may contain the connection password of the database when not accessed from a psycopg connection object. Replace the unfiltered logs to use cxn.dsn avoiding password leakage in logs. Fixes #1433 --- openerp/sql_db.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/openerp/sql_db.py b/openerp/sql_db.py index 739c32a4f12..589da7ffe3b 100644 --- a/openerp/sql_db.py +++ b/openerp/sql_db.py @@ -477,8 +477,6 @@ class ConnectionPool(object): @locked def borrow(self, dsn): - self._debug('Borrow connection to %r', dsn) - # free dead and leaked connections for i, (cnx, _) in tools.reverse_enumerate(self._connections): if cnx.closed: @@ -503,7 +501,7 @@ class ConnectionPool(object): continue self._connections.pop(i) self._connections.append((cnx, True)) - self._debug('Existing connection found at index %d', i) + self._debug('Borrow existing connection to %r at index %d', cnx.dsn, i) return cnx @@ -546,11 +544,15 @@ class ConnectionPool(object): @locked def close_all(self, dsn=None): - _logger.info('%r: Close all connections to %r', self, dsn) + count = 0 + last = None for i, (cnx, used) in tools.reverse_enumerate(self._connections): if dsn is None or cnx._original_dsn == dsn: cnx.close() - self._connections.pop(i) + last = self._connections.pop(i)[0] + count += 1 + _logger.info('%r: Closed %d connections %s', self, count, + (dsn and last and 'to %r' % last.dsn) or '') class Connection(object):