diff --git itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java
new file mode 100644
index 0000000000..040c694865
--- /dev/null
+++ itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hive.service.cli.thrift;
+
+import static org.junit.Assert.assertFalse;
+
+import org.apache.hive.service.rpc.thrift.TOpenSessionReq;
+import org.junit.Test;
+
+/**
+ * Test security in classes generated by Thrift.
+ */
+public class TestThriftCLIServiceSecurity {
+
+ /**
+ * Ensures password isn't printed to logs from TOpenSessionReq.toString().
+ * See maven-replacer-plugin code in service-rpc/pom.xml.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPasswordNotInLogs() throws Exception {
+ String PASSWORD = "testpassword";
+ TOpenSessionReq tOpenSessionReq = new TOpenSessionReq();
+ tOpenSessionReq.setPassword(PASSWORD);
+ assertFalse(tOpenSessionReq.toString().contains(PASSWORD));
+ }
+
+}
diff --git service-rpc/pom.xml service-rpc/pom.xml
index d6a07a55bc..2f9ef455b6 100644
--- service-rpc/pom.xml
+++ service-rpc/pom.xml
@@ -121,29 +121,47 @@
replace
+
+ ${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/
+ *.java
+
+
+ public class
+ @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public class
+ true
+
+
+ public static class
+ @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public static class
+ true
+
+
+ public interface
+ @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public interface
+ true
+
+
+
+
+
+ mask-password
+ process-sources
+
+ replace
+
+
+ ${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
+
+
+ if \(this.password \=\= null\) \{\n sb.append\(\"null"\)\;\n \} else \{\n sb.append\(this.password\)\;\n \}
+ // Password found and replaced by maven-replacer-plugin in hive-service-rpc.pom. Please update if this file changes.
+ sb.append("-");
+
+
+
+
-
- ${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/
- *.java
-
-
- public class
- @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public class
- true
-
-
- public static class
- @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public static class
- true
-
-
- public interface
- @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public interface
- true
-
-
-
diff --git service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
index 3195e704f3..2550d981df 100644
--- service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
+++ service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
@@ -540,11 +540,8 @@ public String toString() {
if (isSetPassword()) {
if (!first) sb.append(", ");
sb.append("password:");
- if (this.password == null) {
- sb.append("null");
- } else {
- sb.append(this.password);
- }
+ // Password found and replaced by maven-replacer-plugin in hive-service-rpc.pom. Please update if this file changes.
+ sb.append("-");
first = false;
}
if (isSetConfiguration()) {