Mask the secret key for restrict option in the process watcher when restoring plain SQL file. #9518

[akshay-joshi]

Summary by CodeRabbit

• Bug Fixes

  • Improved argument masking in restore operations: sensitive tokens are now masked (preserving the command prefix) before command construction, ensuring restricted parts are not exposed while maintaining existing handling for standard flags.

• Chores

  • Removed an unused import and added a supporting constant to centralize masking behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a new RESTRICT_COMMAND constant and applies masking for arguments containing that token in the restore tool, preserving the prefix through the token and replacing the remainder with 'x' characters before including the masked argument in the constructed command.

Changes

Cohort / File(s)	Summary
Constants Definition web/pgadmin/utils/constants.py	Added RESTRICT_COMMAND constant with value '\restrict'.
Restore Tool Masking web/pgadmin/tools/restore/__init__.py	Imported RESTRICT_COMMAND; removed unused re import; added logic to detect RESTRICT_COMMAND in args, preserve prefix through the token, mask the remainder with 'x' characters, and use the masked value when building cmd_arg (applies before existing -- handling).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• Mask the secret key for restrict option in the process watcher when restoring plain SQL file. #9518: Implements masking of the restrict secret key in restore command construction via the new RESTRICT_COMMAND constant and argument masking logic.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title directly and clearly describes the main change: adding masking for a secret key related to the restrict option during SQL file restoration, which aligns with the code changes that introduce RESTRICT_COMMAND masking logic.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 07edbd9 and 2342c8d.

📒 Files selected for processing (2)

• web/pgadmin/tools/restore/__init__.py
• web/pgadmin/utils/constants.py

🚧 Files skipped from review as they are similar to previous changes (1)

• web/pgadmin/utils/constants.py

🧰 Additional context used

🧬 Code graph analysis (1)

web/pgadmin/tools/restore/__init__.py (2)

web/pgadmin/tools/import_export/__init__.py (1)

• cmd_arg (75-82)

web/pgadmin/tools/backup/__init__.py (1)

• cmd_arg (98-104)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: run-python-tests-pg (windows-latest, 15)
• GitHub Check: run-python-tests-pg (windows-latest, 17)
• GitHub Check: run-python-tests-pg (windows-latest, 18)
• GitHub Check: run-python-tests-pg (windows-latest, 13)
• GitHub Check: run-feature-tests-pg (18)
• GitHub Check: run-feature-tests-pg (14)
• GitHub Check: run-feature-tests-pg (13)
• GitHub Check: run-feature-tests-pg (17)
• GitHub Check: run-feature-tests-pg (16)
• GitHub Check: run-feature-tests-pg (15)

🔇 Additional comments (2)

web/pgadmin/tools/restore/__init__.py (2)

76-86: LGTM! The off-by-one error has been correctly fixed.

The masking logic now correctly preserves the token prefix and masks the secret portion while maintaining the original argument length. The implementation properly handles edge cases where the argument equals the token or is shorter.

---

28-28: The import is correct and RESTRICT_COMMAND is properly defined.

RESTRICT_COMMAND is defined in pgadmin.utils.constants (line 180) with the value '\\restrict', which correctly matches its usage in the masking logic.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @web/pgadmin/tools/restore/__init__.py:
- Around line 77-82: The masking logic for RESTRICT_COMMAND is off-by-one: when
building masked_arg in the restore code (variables arg, idx, masked_arg,
cmd_arg, self.cmd), remove the extra +1 on the slice; compute idx as currently
done (arg.find(RESTRICT_COMMAND) + len(RESTRICT_COMMAND)) and set masked_arg =
arg[:idx] + "x" * (len(arg) - idx) so the resulting length equals len(arg).
Update the masked_arg assignment accordingly where RESTRICT_COMMAND is detected.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b184db and 07edbd9.

📒 Files selected for processing (2)

• web/pgadmin/tools/restore/__init__.py
• web/pgadmin/utils/constants.py

🧰 Additional context used

🧬 Code graph analysis (1)

web/pgadmin/tools/restore/__init__.py (2)

web/pgadmin/tools/import_export/__init__.py (1)

• cmd_arg (75-82)

web/pgadmin/tools/backup/__init__.py (1)

• cmd_arg (98-104)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: run-feature-tests-pg (14)
• GitHub Check: run-feature-tests-pg (17)
• GitHub Check: run-feature-tests-pg (15)
• GitHub Check: run-feature-tests-pg (16)
• GitHub Check: run-feature-tests-pg (13)
• GitHub Check: run-feature-tests-pg (18)

🔇 Additional comments (3)

web/pgadmin/utils/constants.py (1)

180-180: LGTM! Constant definition is correct.

The RESTRICT_COMMAND constant is properly defined for masking sensitive arguments in the restore process.

web/pgadmin/tools/restore/__init__.py (2)

28-28: LGTM! Import is correctly added.

The import of RESTRICT_COMMAND is properly placed and used in the masking logic below.

---

83-86: LGTM! Correct control flow with elif.

The change from if to elif is appropriate because arguments containing RESTRICT_COMMAND should be masked and not processed by subsequent conditions. This ensures mutually exclusive handling of different argument types.