Mask the secret key for restrict option in the process watcher when restoring plain SQL file. #9518

akshay-joshi · akshay-joshi · commit 2342c8dc0727 · 2026-01-07T19:16:24.000+05:30
Fixed coderabbit review comment.
diff --git a/web/pgadmin/tools/restore/__init__.py b/web/pgadmin/tools/restore/__init__.py
@@ -10,7 +10,6 @@
 """Implements Restore Utility"""
 
 import json
-import re
 import secrets
 
 from flask import render_template, request, current_app, Response
@@ -26,7 +25,7 @@
     internal_server_error
 
 from config import PG_DEFAULT_DRIVER
-from pgadmin.utils.constants import MIMETYPE_APP_JS, SERVER_NOT_FOUND
+from pgadmin.utils.constants import SERVER_NOT_FOUND, RESTRICT_COMMAND
 from pgadmin.tools.user_management.PgAdminPermissions import AllPermissionTypes
 
 # set template path for sql scripts
@@ -75,7 +74,13 @@ def cmd_arg(x):
             return ''
 
         for arg in _args:
-            if arg and len(arg) >= 2 and arg.startswith('--'):
+            if arg and RESTRICT_COMMAND in arg:
+                # Find the index where \restrict ends
+                idx = arg.find(RESTRICT_COMMAND) + len(RESTRICT_COMMAND)
+                # Keep the prefix and mask everything after it
+                masked_arg = arg[:idx + 1] + "x" * (len(arg) - idx - 1)
+                self.cmd += cmd_arg(masked_arg)
+            elif arg and len(arg) >= 2 and arg.startswith('--'):
                 self.cmd += ' ' + arg
             else:
                 self.cmd += cmd_arg(arg)
diff --git a/web/pgadmin/utils/constants.py b/web/pgadmin/utils/constants.py
@@ -177,3 +177,4 @@ class MessageType:
 
 RESTRICTION_TYPE_DATABASES = 'databases'
 RESTRICTION_TYPE_SQL = 'sql'
+RESTRICT_COMMAND = '\\restrict'

Original file line number	Diff line number	Diff line change
`@@ -177,3 +177,4 @@ class MessageType:`
`177`	`177`
`178`	`178`	`RESTRICTION_TYPE_DATABASES = 'databases'`
`179`	`179`	`RESTRICTION_TYPE_SQL = 'sql'`
	`180`	`+RESTRICT_COMMAND = '\\restrict'`