From d817d6bbffef8166d75135f5efd23b23117cdece Mon Sep 17 00:00:00 2001
From: david-leifker <114954101+david-leifker@users.noreply.github.com>
Date: Fri, 8 Aug 2025 19:27:09 -0500
Subject: [PATCH] fix(test): fix sensitive properties test (#14407)

---
 .../collectors/PropertiesCollector.java | 18 ++++++++++++++----
 .../PropertiesCollectorConfigurationTest.java | 17 ++++++++++++-----
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/metadata-io/src/main/java/com/linkedin/metadata/system_info/collectors/PropertiesCollector.java b/metadata-io/src/main/java/com/linkedin/metadata/system_info/collectors/PropertiesCollector.java
index 010621e177..c3a851186b 100644
--- a/metadata-io/src/main/java/com/linkedin/metadata/system_info/collectors/PropertiesCollector.java
+++ b/metadata-io/src/main/java/com/linkedin/metadata/system_info/collectors/PropertiesCollector.java
@@ -49,7 +49,12 @@ public class PropertiesCollector {
 private static final Set ALLOWED_PATTERNS =
 compilePatterns(
 Set.of(
- "cache\\.client\\..*" // Allow all cache.client.* properties
+ "cache\\.client\\..*", // Allow all cache.client.* properties
+ ".*\\.(delay|interval|timeout|duration|initial|max|wait).*ms$", // Allow specific ms
+ // properties
+ ".*\\.limit$", // Allow properties ending with .limit
+ ".*\\.max$", // Allow properties ending with .max
+ ".*\\.\\w*size$" // Allow properties ending with .pageSize .batchSize
 ));

 /**
@@ -120,7 +125,7 @@ public class PropertiesCollector {
 String resolvedValue = springEnvironment.getProperty(k);

 // Check if this is an allowed property
- if (isAllowedProperty(k)) {
+ if (isAllowedProperty(k, resolvedValue)) {
 return PropertyInfo.builder()
 .key(k)
 .value(rawValue)
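Review bot: The inner `.*` of the new `.*\\.(delay|interval|timeout|duration|initial|max|wait).*ms$` entry in ALLOWED_PATTERNS (hunk `@@ -49,7 +49,12 @@`) can cross `.` segment boundaries, so any key that contains a segment starting with one of those words and merely ends in `ms` is exempted; a constructed example is `foo.max.auth.params`. isAllowedProperty ORs the allow-list ahead of the sensitive-suffix check, so an over-broad entry wins over SENSITIVE_PATTERNS, whose contents are outside this hunk. Keeping the match inside the last segment, e.g. `"\\.(delay|interval|timeout|duration|initial|max|wait)\\w*ms$"`, looks sufficient for keys of the `...timeoutMs` shape, but confirm it against the real property names this entry was added for. The leading `.*` on all four new entries is redundant because the patterns are applied with `find()`.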
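Review bot: The exemption at `if (isAllowedProperty(k, resolvedValue))` (hunk `@@ -120,7 +125,7 @@`) is decided on `resolvedValue`, while the builder just below still emits `.value(rawValue)`, so the string that was checked for being a boolean is not necessarily the string that is returned. If `rawValue` (assigned outside the hunk) can hold an unresolved placeholder expression, a key with a sensitive suffix would have that raw text reported as soon as it resolves to `true` or `false`. Either record the choice with a comment such as `// boolean exemption is decided on the resolved value; rawValue below may still be a placeholder expression`, or require the raw value to pass the same check. The builder chain continues past the end of the hunk.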
@@ -170,9 +175,14 @@ public class PropertiesCollector {
 return sources;
 }

- private boolean isAllowedProperty(String key) {
+ private boolean isAllowedProperty(String key, String value) {
 String lowerKey = key.toLowerCase();
- return ALLOWED_PATTERNS.stream().anyMatch(pattern -> pattern.matcher(lowerKey).find())
+ // Check if value is a boolean
+ boolean isBooleanValue =
+ value != null && (value.equalsIgnoreCase("true") || value.equalsIgnoreCase("false"));
+
+ return isBooleanValue
+ || ALLOWED_PATTERNS.stream().anyMatch(pattern -> pattern.matcher(lowerKey).find())
 || SENSITIVE_PATTERNS.stream().noneMatch(lowerKey::endsWith);
 }
 }
diff --git a/metadata-io/src/test/java/com/linkedin/metadata/system_info/collectors/PropertiesCollectorConfigurationTest.java b/metadata-io/src/test/java/com/linkedin/metadata/system_info/collectors/PropertiesCollectorConfigurationTest.java
index 47832ed4e7..a84f59036c 100644
--- a/metadata-io/src/test/java/com/linkedin/metadata/system_info/collectors/PropertiesCollectorConfigurationTest.java
+++ b/metadata-io/src/test/java/com/linkedin/metadata/system_info/collectors/PropertiesCollectorConfigurationTest.java
@@ -74,10 +74,6 @@ public class PropertiesCollectorConfigurationTest extends AbstractTestNGSpringCo
 // Services encryption
 "secretService.encryptionKey",

- // Authentication mode settings that can contain sensitive data
- "ebean.postgresUseIamAuth",
- "elasticsearch.opensearchUseAwsIamAuth",
-
 // Environment variables that may contain sensitive paths/credentials
 "GIT_ASKPASS", // Can contain path to credential helper
 "PWD" // Current directory may contain sensitive info
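Review bot: In isAllowedProperty (hunk `@@ -170,9 +175,14 @@`) the new `isBooleanValue` term is ORed ahead of both pattern checks, so a key ending in a SENSITIVE_PATTERNS suffix is returned unredacted whenever its resolved value is `true` or `false`; redaction now depends on the value as well as the key, and nothing in the method says that is intended. A Javadoc line would make the precedence reviewable, e.g. `/** Allowed when the resolved value is a boolean literal, the key matches ALLOWED_PATTERNS, or the key ends with no SENSITIVE_PATTERNS suffix. */`. The unchanged `key.toLowerCase()` above it uses the default locale, so under a Turkish locale an upper-case `I` in a key would not lower-case to the `i` that the suffix list presumably uses; `key.toLowerCase(Locale.ROOT)` removes that dependency, and needs the `java.util.Locale` import, which is outside the hunk.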
@@ -115,7 +111,15 @@ public class PropertiesCollectorConfigurationTest extends AbstractTestNGSpringCo
 "cache.client.entityClient.entityAspectTTLSeconds.*.*",

 // Gradle test worker properties (Java system properties)
- "org.gradle.test.worker*");
+ "org.gradle.test.worker*",
+
+ // System update properties
+ "systemUpdate.*.enabled",
+ "systemUpdate.*.batchSize",
+
+ // IAM authentication flags
+ "*.postgresUseIamAuth",
+ "*.opensearchUseAwsIamAuth");

 /**
 * Property keys that should NOT be redacted. Add new non-sensitive properties here when they are
@@ -317,8 +321,11 @@ public class PropertiesCollectorConfigurationTest extends AbstractTestNGSpringCo
 "socksNonProxyHosts",

 // Java system properties
+ "apple.awt.application.name",
 "file.encoding",
 "file.separator",
+ "stderr.encoding",
+ "stdout.encoding",
 "java.awt.headless",
 "java.class.path",
 "java.class.version",
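Review bot: The entries added in hunk `@@ -115,7 +111,15 @@` (`systemUpdate.*.enabled`, `*.postgresUseIamAuth`, `*.opensearchUseAwsIamAuth`) appear only to widen what the test accepts as unredacted; none of the visible test changes pins the new value-based branch of isAllowedProperty from the other side. A case asserting that a key with a sensitive suffix stays redacted when its value is not `true`/`false` would keep a later loosening of that check from passing unnoticed. The leading `*` in `*.postgresUseIamAuth` also accepts the flag under any prefix, whereas hunk `@@ -74,10 +74,6 @@` removed it for `ebean` and `elasticsearch` only; a comment such as `// boolean flags only, never carry credentials` would record why the wildcard is safe. The list declaration and the test methods that consume it are outside the hunk.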