From 12b95c44d41f56a503ac391de65fa87e89697396 Mon Sep 17 00:00:00 2001
From: Dimitrios Karagiannis <dhkarag@gmail.com>
Date: Thu, 16 Mar 2017 17:25:16 +0000
Subject: [PATCH] Mask the password field of the connection URL.

This solves the issue where failed connections can leak the database connection
string to logs.
---
 postgres_exporter.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/postgres_exporter.go b/postgres_exporter.go
index 3ea75762..6dfd262e 100644
--- a/postgres_exporter.go
+++ b/postgres_exporter.go
@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"math"
 	"net/http"
+	"net/url"
 	"os"
 	"regexp"
 	"strconv"
@@ -996,7 +997,12 @@ func (e *Exporter) scrape(ch chan<- prometheus.Metric) {
 
 	db, err := getDB(e.dsn)
 	if err != nil {
-		log.Infof("Error opening connection to database (%s): %s", e.dsn, err)
+		loggableDsn := "could not parse DATA_SOURCE_NAME"
+		if pDsn, pErr := url.Parse(e.dsn); pErr != nil {
+			pDsn.User = url.UserPassword(pDsn.User.Username(), "xxx")
+			loggableDsn = pDsn.String()
+		}
+		log.Infof("Error opening connection to database (%s): %s", loggableDsn, err)
 		e.error.Set(1)
 		return
 	}