feat(logs): webhook sanitization (#809)

* feat: sanitize passwords from json payload

* add webhook sanitization

* update comments

Co-authored-by: soup <soup@r4tio.dev>

* sanitize RED apikeys from webhook payloads

* added an optional whitespace token between field name and data

---------

Co-authored-by: soup <soup@r4tio.dev>
martylukyy 2023-04-10 14:32:19 +02:00 committed by GitHub
parent 69f6acbc4d
commit 169863dded
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 2 deletions


@ -94,6 +94,10 @@ var (
pattern *regexp.Regexp pattern *regexp.Regexp
repl string repl string
}{ }{
{
pattern: regexp.MustCompile(`("apikey\\":\s?\\"|"host\\":\s?\\"|"password\\":\s?\\"|"user\\":\s?\\"|ExternalWebhookHost:)(\S+)(\\"|\sExternalWebhookData:)`),
repl: "${1}REDACTED${3}",
},
{ {
pattern: regexp.MustCompile(`(torrent_pass|passkey|authkey|auth|secret_key|api|apikey)=([a-zA-Z0-9]+)`), pattern: regexp.MustCompile(`(torrent_pass|passkey|authkey|auth|secret_key|api|apikey)=([a-zA-Z0-9]+)`),
repl: "${1}=REDACTED", repl: "${1}=REDACTED",
@ -166,9 +170,9 @@ func SanitizeLogFile(filePath string, output io.Writer) error {
strings.Contains(line, `"module":"action"`) strings.Contains(line, `"module":"action"`)
for i := 0; i < len(regexReplacements); i++ { for i := 0; i < len(regexReplacements); i++ {
// Apply the first two patterns only if the line contains "module":"feed", // Apply the first three patterns only if the line contains "module":"feed",
// "module":"filter", "repo":"release", or "module":"action" // "module":"filter", "repo":"release", or "module":"action"
if i < 2 { if i < 3 {
if bFilter { if bFilter {
line = regexReplacements[i].pattern.ReplaceAllString(line, regexReplacements[i].repl) line = regexReplacements[i].pattern.ReplaceAllString(line, regexReplacements[i].repl)
} }
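Review bot: In the new first pattern the value group `(\S+)` cannot cross whitespace, so an escaped-JSON `password`, `user`, `host` or `apikey` value that contains a space never reaches the closing `\\"` and the line is written to the sanitized output unredacted. The `\s?` after the colon has a similar limit: it admits only one whitespace character, so a payload indented with two spaces or a tab plus space is skipped as well. One option is `(.+?)` in place of `(\S+)`, with the caveat that a lazy match stops at the first escaped quote inside a value; moving the `ExternalWebhookHost:` alternative into its own entry would let each value class be chosen separately. A test case whose password is something like `two words` would pin whichever behaviour is chosen. The `var` block and `SanitizeLogFile` both continue outside the visible hunks, so this is based only on the lines shown.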


@ -138,6 +138,18 @@ func TestSanitizeLogFile(t *testing.T) {
input: "\"module\":\"irc\" PRIVMSG NickServ IDENTIFY zAPEJEA8ryYnpj3AiE3KJ", input: "\"module\":\"irc\" PRIVMSG NickServ IDENTIFY zAPEJEA8ryYnpj3AiE3KJ",
expected: "\"module\":\"irc\" PRIVMSG NickServ IDENTIFY REDACTED", expected: "\"module\":\"irc\" PRIVMSG NickServ IDENTIFY REDACTED",
}, },
{
input: "\"module\":\"action\" \\\"host\\\":\\\"subdomain.domain.com:42069/subfolder\\\", \\n \\\"user\\\":\\\"AUserName\\\", \\n \\\"password\\\":\\\"p4ssw0!rd\\\", \\n",
expected: "\"module\":\"action\" \\\"host\\\":\\\"REDACTED\\\", \\n \\\"user\\\":\\\"REDACTED\\\", \\n \\\"password\\\":\\\"REDACTED\\\", \\n",
},
{
input: "\"module\":\"action\" ExternalWebhookHost:http://127.0.0.1:6940/api/upgrade ExternalWebhookData:",
expected: "\"module\":\"action\" ExternalWebhookHost:REDACTED ExternalWebhookData:",
},
{
input: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"ad789a9s8d.asdpoiasdpojads09sad809\\\",\\n \\\"minratio\\\": 10.0\\n",
expected: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"REDACTED\\\",\\n \\\"minratio\\\": 10.0\\n",
},
} }
for _, testCase := range testCases { for _, testCase := range testCases {