From 49a0979dd37e1ab0284d0afb89a2a9d0372e060c Mon Sep 17 00:00:00 2001
From: Jan Caha <jan.caha@lutraconsulting.co.uk>
Date: Wed, 5 Apr 2023 10:50:35 +0200
Subject: [PATCH 1/4] process message to avoid containing password

(cherry picked from commit d259cda5c1fb027976f02b7a57553cb06764392b)
---
 dbsync.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/dbsync.py b/dbsync.py
index f5c8c68..bd81d4c 100644
--- a/dbsync.py
+++ b/dbsync.py
@@ -32,7 +32,14 @@
 
 
 class DbSyncError(Exception):
-    pass
+    default_print_password = "password='*****'"
+
+    def __init__(self, message):
+        # escaped password
+        message = re.sub(r'password=[\"\'].+[\"\']', self.default_print_password, message)
+        # not escaped password
+        message = re.sub(r'password=\S+', self.default_print_password, message)
+        super().__init__(message)
 
 
 def _add_quotes_to_schema_name(schema: str) -> str:

From 352bc82375cdc5f8abcbbb1b53a171985c99ea16 Mon Sep 17 00:00:00 2001
From: Jan Caha <jan.caha@lutraconsulting.co.uk>
Date: Wed, 5 Apr 2023 10:53:13 +0200
Subject: [PATCH 2/4] tests for dbsyncerror

(cherry picked from commit 5251ab156d6a8f0cc2ce3d1f942aa9c4a17843b2)
---
 test/test_dbsyncerror.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 test/test_dbsyncerror.py

diff --git a/test/test_dbsyncerror.py b/test/test_dbsyncerror.py
new file mode 100644
index 0000000..6bbdafb
--- /dev/null
+++ b/test/test_dbsyncerror.py
@@ -0,0 +1,23 @@
+import pytest
+
+from dbsync import DbSyncError
+
+
+def test_DbSyncError_password_print():
+    password = "my_secret password 8417\\.*/"
+    with pytest.raises(DbSyncError) as err:
+        raise DbSyncError(f"string1 password=\"{password}\" string2")
+    assert password not in str(err)
+    assert DbSyncError.default_print_password in str(err)
+
+    password = "my_secret password"
+    with pytest.raises(DbSyncError) as err:
+        raise DbSyncError(f"string1 password=\'{password}\' string2")
+    assert password not in str(err)
+    assert DbSyncError.default_print_password in str(err)
+
+    password = "my_secret_password84189./+-"
+    with pytest.raises(DbSyncError) as err:
+        raise DbSyncError(f"string1 password={password} string2")
+    assert password not in str(err)
+    assert DbSyncError.default_print_password in str(err)

From dcbd38391418ec094c1365e73e143cfa76ea7595 Mon Sep 17 00:00:00 2001
From: Jan Caha <jan.caha@lutraconsulting.co.uk>
Date: Wed, 3 May 2023 10:42:45 +0200
Subject: [PATCH 3/4] limit regex range with positive lookahead to space

---
 dbsync.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dbsync.py b/dbsync.py
index bd81d4c..a08bf23 100644
--- a/dbsync.py
+++ b/dbsync.py
@@ -36,7 +36,7 @@ class DbSyncError(Exception):
 
     def __init__(self, message):
         # escaped password
-        message = re.sub(r'password=[\"\'].+[\"\']', self.default_print_password, message)
+        message = re.sub(r'password=[\"\'].+[\"\'](?=\s)', self.default_print_password, message)
         # not escaped password
         message = re.sub(r'password=\S+', self.default_print_password, message)
         super().__init__(message)

From c06082fd2c692244ac5b1c68f7b40d475ad35b67 Mon Sep 17 00:00:00 2001
From: Jan Caha <jan.caha@lutraconsulting.co.uk>
Date: Wed, 3 May 2023 10:43:05 +0200
Subject: [PATCH 4/4] update tests for better readability

---
 test/test_dbsyncerror.py | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/test/test_dbsyncerror.py b/test/test_dbsyncerror.py
index 6bbdafb..e759c6c 100644
--- a/test/test_dbsyncerror.py
+++ b/test/test_dbsyncerror.py
@@ -3,21 +3,19 @@
 from dbsync import DbSyncError
 
 
-def test_DbSyncError_password_print():
-    password = "my_secret password 8417\\.*/"
-    with pytest.raises(DbSyncError) as err:
-        raise DbSyncError(f"string1 password=\"{password}\" string2")
-    assert password not in str(err)
-    assert DbSyncError.default_print_password in str(err)
+@pytest.mark.parametrize("password", ['password=\"my_secret password 8417\\.\"',
+                                      'password=\'my_secret password\'',
+                                      "password=my_secret_password84189./+-"
+                                      ])
+def test_DbSyncError_password_print(password: str):
+    host = "host=\"localhost\""
+    user = "user=user"
 
-    password = "my_secret password"
-    with pytest.raises(DbSyncError) as err:
-        raise DbSyncError(f"string1 password=\'{password}\' string2")
-    assert password not in str(err)
-    assert DbSyncError.default_print_password in str(err)
+    conn_string = f"{user} {password} {host}"
 
-    password = "my_secret_password84189./+-"
     with pytest.raises(DbSyncError) as err:
-        raise DbSyncError(f"string1 password={password} string2")
+        raise DbSyncError(conn_string)
     assert password not in str(err)
-    assert DbSyncError.default_print_password in str(err)
+    assert user in str(err)
+    assert host in str(err)
+    assert DbSyncError.default_print_password in str(err.value)