Avatar for the Eventual-Inc user
Eventual-Inc
Daft
BlogDocsChangelog

Performance History

Latest Results

fix(sql): redact password in SQL connection errors and repr (#6902) ## Changes Made `daft.read_sql` error messages and `SQLConnection.__repr__` print the full connection URL, which leaks the password when authentication fails. A customer connecting to Trino reported: ```python df = daft.read_sql( "SELECT * FROM iceberg.namespace.table", f"trino://{user}:{password}@trino_host:443", ) # RuntimeError: Failed to execute sql: ... from connection: trino://user:THE_REAL_PASSWORD@trino_host:443, error: ... ``` This change adds a small `_redact_url` helper in `daft/sql/sql_connection.py` that replaces the password with `***` while preserving the username (matching SQLAlchemy's `URL.render_as_string(hide_password=True)` convention โ€” keeping the username is helpful for debugging and Trino's own auth error already surfaces it). The helper is wired into: - `SQLConnection.__repr__` - The `RuntimeError` raised from the connectorx execution path - The `RuntimeError` raised from the SQLAlchemy execution path After the fix: ``` trino://alice:hunter2@trino.example.com:443 -> trino://alice:***@trino.example.com:443 ``` URLs without a password (e.g. `sqlite:///my.db`, `mysql://user@host/db`) and non-URL strings are returned unchanged. ### Tests Added 10 unit tests in `tests/io/test_sql.py`: - 8 parametrized cases for `_redact_url` covering URLs with/without password, empty username, port/path/query, and non-URL inputs. - `test_execute_sql_error_does_not_leak_password` โ€” drives a real connection failure and asserts the password is absent and the redacted form (`alice:***@127.0.0.1:1`) is present. - `test_repr_does_not_leak_password`. All pass locally. ## Related Issues n/a โ€” reported by a customer. ## Test plan - [ ] CI green (lint, mypy `--all-files`, tests) - [ ] Reviewer confirms password redaction behaviour and convention choice (username preserved) ๐Ÿค– Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Varun Madan <varun@Varuns-MacBook-Pro.local> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Varun Madan <varun@mac.attlocal.net>
main
43 minutes ago
update remote uri check
gavin9402:introduce_file_resource
14 hours ago

Latest Branches

CodSpeed Performance Gauge
+10%
fix(sql): redact password in SQL connection errors and repr#6902
11 hours ago
e4fe0b0
varun/redact-sql-creds
CodSpeed Performance Gauge
0%
feat: Introduce file resource management#6637
10 days ago
642fcd5
gavin9402:introduce_file_resource
CodSpeed Performance Gauge
0%
20 hours ago
824fe7f
claude/implement-linear-df-1992-eIF20
ยฉ 2026 CodSpeed Technology
Home Terms Privacy Docs