From 4032d4f66a53acda7e9e6da8d55d0e0aab65012d Mon Sep 17 00:00:00 2001
From: Marek Siarkowicz <siarkowicz@google.com>
Date: Wed, 12 Jan 2022 16:24:54 +0100
Subject: [PATCH] Remove CodeQL errors

---
 client/v2/curl.go                 | 2 +-
 etcdutl/etcdutl/backup_command.go | 1 -
 tools/etcd-dump-db/backend.go     | 2 +-
 tools/etcd-dump-logs/main.go      | 4 ++++
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/client/v2/curl.go b/client/v2/curl.go
index b05ebce50..8d1236754 100644
--- a/client/v2/curl.go
+++ b/client/v2/curl.go
@@ -60,7 +60,7 @@ func printcURL(req *http.Request) error {
 		command += fmt.Sprintf(" -d %q", string(b))
 	}
 
-	fmt.Fprintf(os.Stderr, "cURL Command: %s\n", command)
+	fmt.Fprintf(os.Stderr, "cURL Command: %q\n", command)
 
 	// reset body
 	body := bytes.NewBuffer(b)
diff --git a/etcdutl/etcdutl/backup_command.go b/etcdutl/etcdutl/backup_command.go
index 13e6eb76b..ce9b50bd9 100644
--- a/etcdutl/etcdutl/backup_command.go
+++ b/etcdutl/etcdutl/backup_command.go
@@ -286,7 +286,6 @@ func saveDB(lg *zap.Logger, destDB, srcDB string, idx uint64, term uint64, desir
 		case src = <-ch:
 		case <-time.After(time.Second):
 			lg.Fatal("timed out waiting to acquire lock on", zap.String("srcDB", srcDB))
-			src = <-ch
 		}
 		defer src.Close()
 
diff --git a/tools/etcd-dump-db/backend.go b/tools/etcd-dump-db/backend.go
index 7962007f8..3306f7f70 100644
--- a/tools/etcd-dump-db/backend.go
+++ b/tools/etcd-dump-db/backend.go
@@ -122,7 +122,7 @@ func authUsersDecoder(k, v []byte) {
 	if err != nil {
 		panic(err)
 	}
-	fmt.Printf("user=%q, roles=%q, password=%q, option=%v\n", user.Name, user.Roles, string(user.Password), user.Options)
+	fmt.Printf("user=%q, roles=%q, option=%v\n", user.Name, user.Roles, user.Options)
 }
 
 func iterateBucket(dbPath, bucket string, limit uint64, decode bool) (err error) {
diff --git a/tools/etcd-dump-logs/main.go b/tools/etcd-dump-logs/main.go
index 15c76a40a..899f40591 100644
--- a/tools/etcd-dump-logs/main.go
+++ b/tools/etcd-dump-logs/main.go
@@ -232,6 +232,10 @@ type EntryPrinter func(e raftpb.Entry)
 func printInternalRaftRequest(entry raftpb.Entry) {
 	var rr etcdserverpb.InternalRaftRequest
 	if err := rr.Unmarshal(entry.Data); err == nil {
+		// Ensure we don't log user password
+		if rr.AuthUserChangePassword != nil && rr.AuthUserChangePassword.Password != "" {
+			rr.AuthUserChangePassword.Password = "<value removed>"
+		}
 		fmt.Printf("%4d\t%10d\tnorm\t%s", entry.Term, entry.Index, rr.String())
 	}
 }