Redact Connection strings with "unstructured" extra

[0x0OZ]

Description

The Airflow REST API redacts sensitive fields in connection responses. The password field is always replaced with ***. The extra field is redacted by parsing it as JSON and redacting each value in the resulting dictionary.

However, if the extra field contains a non-JSON string (e.g., a raw Bearer token, a key=value pair, XML, or any other format), the json.loads() call raises JSONDecodeError, and the exception handler returns the raw value as-is without redaction.

From reading the comment there, it seems this is a known issue, so I didn't report this as a security bug, but hopefully as a feature request.

    def redact_extra(cls, v: str | None) -> str | None:
        if v is None:
            return None
        try:
            extra_dict = json.loads(v)
            redacted_dict = redact(extra_dict)
            return json.dumps(redacted_dict)
        except json.JSONDecodeError:
            # we can't redact fields in an unstructured `extra`
            return v

Currenlty the code simply returns the extra field if it failed to dumps its JSON, instead maybe it should just return ***, e.g return "***"

Ref:
https://github.com/apache/airflow/blob/main/airflow-core/src/airflow/api_fastapi/core_api/datamodels/connections.py#L53-L65

Use case/motivation

No response

Related issues

No response

Are you willing to submit a PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.

[kuldeep27396]

I will do this, please add me

[0x0OZ]

I will do this, please add me

I already made one at the same time but forgot to mention it here: #63161