From 5225c1e9561b537a91f79b9cdc6639274e3a3e74 Mon Sep 17 00:00:00 2001 From: Daniel Williams Date: Sat, 28 Oct 2023 11:04:57 +0100 Subject: [PATCH] feat(logs): sanitize basic auth in urls (#1188) * Added regex pattern to capture credentials used to bypass auth * Updated test case for log sanitisation * Changed replacement pattern * Update logs_sanitize_test.go * fix: reorder regex patterns --------- Co-authored-by: soup --- internal/http/logs.go | 6 +++++- internal/http/logs_sanitize_test.go | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/internal/http/logs.go b/internal/http/logs.go index 9e47e30..4273bc5 100644 --- a/internal/http/logs.go +++ b/internal/http/logs.go @@ -109,6 +109,10 @@ var ( pattern: regexp.MustCompile(`(https?://[^\s]+/((rss/download/[a-zA-Z0-9]+/)|torrent/download/((auto\.[a-zA-Z0-9]+\.|[a-zA-Z0-9]+\.))))([a-zA-Z0-9]+)`), repl: "${1}REDACTED", }, + { + pattern: regexp.MustCompile(`(https?://)(.*?):(.*?)@`), + repl: "${1}REDACTED_USER:REDACTED_PW@", + }, { pattern: regexp.MustCompile(`(NickServ IDENTIFY )([\p{L}0-9!#%&*+/:;<=>?@^_` + "`" + `{|}~]+)`), repl: "${1}REDACTED", @@ -175,7 +179,7 @@ func SanitizeLogFile(filePath string, output io.Writer) error { for i := 0; i < len(regexReplacements); i++ { // Apply the first three patterns only if the line contains "module":"feed", // "module":"filter", "repo":"release", or "module":"action" - if i < 3 { + if i < 4 { if bFilter { line = regexReplacements[i].pattern.ReplaceAllString(line, regexReplacements[i].repl) } diff --git a/internal/http/logs_sanitize_test.go b/internal/http/logs_sanitize_test.go index 216b56c..b030248 100644 --- a/internal/http/logs_sanitize_test.go +++ b/internal/http/logs_sanitize_test.go @@ -153,6 +153,10 @@ func TestSanitizeLogFile(t *testing.T) { input: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"ad789a9s8d.asdpoiasdpojads09sad809\\\",\\n \\\"minratio\\\": 10.0\\n", expected: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"REDACTED\\\",\\n \\\"minratio\\\": 10.0\\n", }, + { + input: "\"module\":\"filter\" request: https://username:password@111.server.name.here/qbittorrent/api/v2/torrents/info: error making request", + expected: "\"module\":\"filter\" request: https://REDACTED_USER:REDACTED_PW@111.server.name.here/qbittorrent/api/v2/torrents/info: error making request", + }, } for _, testCase := range testCases {