BatchingBatch logging SQL values at an ERROR level
Description
BatchingBatch will log failed executions at an "ERROR" level with the SQL values included. This could compromise security or violate compliance by including secrets or personal information in the logs, but squelching all ERROR level logs for the class is not desirable.
An example:
1
2019-07-22 05:01:17.175 ERROR o.h.e.jdbc.batch.internal.BatchingBatch : HHH000315: Exception executing batch [java.sql.BatchUpdateException: Batch entry 0 insert into my_schema.access_tokens (client_id, exp, jti, refresh_token_jti, token, username, key) values ('123e4567-e89b-12d3-a456-426655440000', 5554443337, '456e4567-e89b-34d5-az567-245566779999'::uuid, NULL, 'zY29wZ___i_am_a_secret_access_token___zRw8uhZeFw', NULL, '123e4567123e4567123e4567123e4567') was aborted: ERROR: duplicate key value violates unique constraint "oauth_jwt_access_token_pkey"Detail: Key (key)=(123e4567123e4567123e4567123e4567) already exists. Call getNextException to see other errors in the batch.], SQL: insert into my_schema.access_tokens (client_id, exp, jti, refresh_token_jti, token, username, key) values (?, ?, ?, ?, ?, ?, ?)Since this exception is logged and then a new exception re-thrown, it should be logged at a DEBUG level, and the handler of the exception should be tasked with log the exception. That also would allow the exception to avoid being logged twice or logging it as an ERROR in a non-fault use case, e.g. optimistic de-duplication of data.
https://github.com/hibernate/hibernate-orm/blob/master/hibernate-core/src/main/java/org/hibernate/engine/jdbc/batch/internal/BatchingBatch.java#L128-L129
At the very least, it should not be logged with the values at an ERROR level.
Environment
Status
Assignee
Reporter
Fix versions
Labels
backPortable
Suitable for new contributors
Requires Release Note
Pull Request
backportDecision
Affects versions
Priority
Major