search

yehoshuadimarsky / bcpandas

High-level wrapper around BCP for high performance data transfers between pandas and SQL Server. No knowledge of BCP required!!
MIT License
125 stars 43 forks source link

`quote_this` prevents password from being redacted on non-Windows OS #118

Open NodeJSmith opened 1 year ago

NodeJSmith commented 1 year ago

On a non-Windows OS, the quote_this function calls shlex.quote(this) on the provided password. Later , the bcp_command_log is modified to redact the password, but because the password has been wrapped in single quotes this does not work.

bcp_command_log = [c if c != creds.password else "[REDACTED]" for c in bcp_command]

A likely fix is to reassign the quoted value back to the creds object after quoting the values. This section is included below. Another option would be to handle the quote_this logic directly in the creds object.

    if creds.with_krb_auth:
        auth = ["-T"]
    else:
        auth = ["-U", quote_this(creds.username), "-P", quote_this(creds.password)]
jacobshaw42 commented 1 year ago

@NodeJSmith could you check that 2.4.2 redacts your password?