Wrap options into a SensitiveData struct when crossing process boundaries, closes #340

Author: josevalim

integration_test/cases/after_connect_test.exs

@@ -393,4 +393,41 @@ defmodule AfterConnectTest do
 
     assert [connect: [_], handle_status: _, handle_status: _] = A.record(agent)
   end
+
+  test "after_connect raises" do
+    err = RuntimeError.exception("oops")
+
+    stack = [
+      {:ok, :state},
+      {:idle, :state},
+      {:error, err, :new_state},
+      {:ok, %Q{}, %R{}, :newer_state},
+      {:idle, :newer_state},
+      {:ok, %Q{}, %R{}, :newest_state}
+    ]
+
+    {:ok, agent} = A.start_link(stack)
+    parent = self()
+
+    after_connect = fn conn ->
+      send(parent, {:after_connect, self()})
+      _ = Process.put(:agent, agent)
+
+      case P.execute(conn, %Q{}, [:after_connect]) do
+        {:error, err} -> raise err
+        {:ok, _, _} -> :ok
+      end
+    end
+
+    secret = "SHOULD NOT LEAK"
+    opts = [after_connect: after_connect, agent: agent, parent: self(), secret: secret]
+
+    refute ExUnit.CaptureLog.capture_log(fn ->
+             {:ok, _pool} = P.start_link(opts)
+
+             assert_receive {:after_connect, task}
+             ref = Process.monitor(task)
+             assert_receive {:DOWN, ^ref, _, _, {%RuntimeError{}, _}}
+           end) =~ secret
+  end
 end

lib/db_connection.ex

@@ -1,3 +1,9 @@
+defmodule DBConnection.SensitiveData do
+  @moduledoc false
+  @derive {Inspect, only: []}
+  defstruct [:data]
+end
+
 defmodule DBConnection.Stream do
   defstruct [:conn, :query, :params, :opts]
 

lib/db_connection/connection.ex

@@ -9,12 +9,12 @@ defmodule DBConnection.Connection do
   alias DBConnection.Util
 
   @timeout 15_000
-  @sensitive_opts [:parameters, :hostname, :port, :username, :password, :database]
 
   @doc false
   def start_link(mod, opts, pool, tag) do
     start_opts = Keyword.take(opts, [:debug, :spawn_opt])
-    :gen_statem.start_link(__MODULE__, {mod, opts, pool, tag}, start_opts)
+    sensitive_options = %DBConnection.SensitiveData{data: opts}
+    :gen_statem.start_link(__MODULE__, {mod, sensitive_options, pool, tag}, start_opts)
   end
 
   @doc false
@@ -48,7 +48,7 @@ defmodule DBConnection.Connection do
 
   @doc false
   @impl :gen_statem
-  def init({mod, opts, pool, tag}) do
+  def init({mod, %DBConnection.SensitiveData{data: opts}, pool, tag}) do
     pool_index = Keyword.get(opts, :pool_index)
     label = if pool_index, do: "db_conn_#{pool_index}", else: "db_conn"
     Util.set_label(label)
@@ -235,7 +235,6 @@ defmodule DBConnection.Connection do
     case apply(mod, :checkout, [state]) do
       {:ok, state} ->
         opts = [timeout: timeout] ++ opts
-        opts = Keyword.drop(opts, @sensitive_opts)
         {pid, ref} = DBConnection.Task.run_child(mod, state, after_connect, opts)
         timer = start_timer(pid, timeout)
         s = %{s | client: {ref, :after_connect}, timer: timer, state: state}

lib/db_connection/task.ex

@@ -5,14 +5,14 @@ defmodule DBConnection.Task do
   require DBConnection.Holder
 
   def run_child(mod, state, fun, opts) do
-    arg = [fun, self(), opts]
+    arg = [fun, self(), %DBConnection.SensitiveData{data: opts}]
     {:ok, pid} = Task.Supervisor.start_child(@name, __MODULE__, :init, arg)
     ref = Process.monitor(pid)
     _ = DBConnection.Holder.update(pid, ref, mod, state)
     {pid, ref}
   end
 
-  def init(fun, parent, opts) do
+  def init(fun, parent, %DBConnection.SensitiveData{data: opts}) do
     try do
       Process.link(parent)
     catch