spotify / luigi

Luigi is a Python module that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization etc. It also comes with Hadoop support built in.
Apache License 2.0
17.71k stars 2.39k forks

Clear-text Logging of Sensitive Information in `luigi/contrib/pai.py` #3300

Closed Ali-Razmjoo closed 1 week ago

Ali-Razmjoo commented 3 weeks ago

Hi,

I am reporting a potential security issue that has been identified in the file luigi/contrib/pai.py.

https://github.com/spotify/luigi/blob/9e0898e5ba31cb15e659c7e90d7db08ea1131f40/luigi/contrib/pai.py#L240-L242

The code snippet logs sensitive information, specifically the username and password, in clear text. This can expose sensitive data if the logs are accessed by unauthorized parties.

Sensitive information like passwords should not be logged. Instead, consider logging non-sensitive parts of the request or obfuscating sensitive data before logging.

Thanks.
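The pattern the report describes (a login request logged with its password) beside the two fixes the reporter suggests (log only non-sensitive fields, or obfuscate the sensitive ones before logging), as an added example. This is not code from luigi or from the reporter: the `pai.insecure`/`pai.hardened` logger names, the `redact` helper, the `RedactingFilter` class and the sample request dict are all constructed here for illustration, and the credentials are made-up values, not real secrets.

```python
import logging
import re
from io import StringIO

# Constructed sample credentials for the demonstration; not real secrets.
SAMPLE_USERNAME = "pai_user"
SAMPLE_PASSWORD = "hunter2-Secret!"

# Hypothetical key names treated as sensitive; extend to match your own payloads.
SENSITIVE_KEYS = frozenset({"password", "passwd", "secret", "token", "api_key"})


def redact(payload):
    """Return a copy of a dict/list with values under sensitive keys replaced by '***'.

    Nested dicts and lists are walked recursively; scalars are returned unchanged.
    """
    if isinstance(payload, dict):
        return {k: ("***" if str(k).lower() in SENSITIVE_KEYS else redact(v))
                for k, v in payload.items()}
    if isinstance(payload, (list, tuple)):
        return [redact(v) for v in payload]
    return payload


class RedactingFilter(logging.Filter):
    """Defence in depth: scrub known secret *values* from any formatted log message.

    Key-based redaction (redact above) is the primary control; this filter is the
    backstop for the case where someone later logs a raw object by mistake.
    """

    def __init__(self, secrets):
        super().__init__()
        secrets = [s for s in secrets if s]  # an empty pattern would match everywhere
        self._pattern = (re.compile("|".join(re.escape(s) for s in secrets))
                         if secrets else None)

    def filter(self, record):
        if self._pattern is not None:
            # Render the message once, scrub it, and drop args so it is not re-formatted.
            record.msg = self._pattern.sub("***", record.getMessage())
            record.args = ()
        return True  # never suppress the record, only sanitize it


def _capture_logger(name, filters=()):
    """Build an isolated logger writing to an in-memory buffer so output can be inspected."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    buf = StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    for f in filters:
        logger.addFilter(f)
    return logger, buf


def log_login_insecure(username, password):
    """Anti-pattern: the kind of debug line the issue reports (constructed, not luigi's code)."""
    logger, buf = _capture_logger("pai.insecure")
    logger.debug("Logging in with username=%s password=%s", username, password)
    return buf.getvalue()


def log_login_hardened(username, password):
    """Log only non-sensitive fields, with a value-based filter as a backstop."""
    logger, buf = _capture_logger("pai.hardened", filters=[RedactingFilter([password])])
    request = {"username": username, "password": password, "expiration": 3600}
    # Primary control: never hand the secret to the logger in the first place.
    logger.debug("Logging in with %s", redact(request))
    # Backstop: even a mistaken raw-object log line comes out scrubbed.
    logger.debug("Raw request (should never be logged): %s", request)
    return buf.getvalue()


if __name__ == "__main__":
    print(log_login_insecure(SAMPLE_USERNAME, SAMPLE_PASSWORD), end="")
    print(log_login_hardened(SAMPLE_USERNAME, SAMPLE_PASSWORD), end="")
```

Key-based redaction is the control to rely on; the value-based filter only catches secrets it has been told about, so it is a safety net for accidental raw-object logging rather than a substitute for not logging credentials at all. Logging the username alone is usually acceptable, but treat that as a policy decision for the deployment in question.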
