feat(logs): sanitize basic auth in urls (#1188)

* Added regex pattern to capture credentials used to bypass auth * Updated test case for log sanitisation * Changed replacement pattern * Update logs_sanitize_test.go * fix: reorder regex patterns --------- Co-authored-by: soup <soup@r4tio.dev>
2025-07-23 08:49:13 +00:00 · 2023-10-28 11:04:57 +01:00 · 2023-10-28 11:04:57 +01:00 · 5225c1e956
commit 5225c1e956
parent 69f7cce116
2 changed files with 9 additions and 1 deletions
--- a/internal/http/logs.go
+++ b/internal/http/logs.go
@ -109,6 +109,10 @@ var (
 			pattern: regexp.MustCompile(`(https?://[^\s]+/((rss/download/[a-zA-Z0-9]+/)|torrent/download/((auto\.[a-zA-Z0-9]+\.|[a-zA-Z0-9]+\.))))([a-zA-Z0-9]+)`),
 			repl:    "${1}REDACTED",
 		},
+		{
+			pattern: regexp.MustCompile(`(https?://)(.*?):(.*?)@`),
+			repl:    "${1}REDACTED_USER:REDACTED_PW@",
+		},
 		{
 			pattern: regexp.MustCompile(`(NickServ IDENTIFY )([\p{L}0-9!#%&*+/:;<=>?@^_` + "`" + `{|}~]+)`),
 			repl:    "${1}REDACTED",
@ -175,7 +179,7 @@ func SanitizeLogFile(filePath string, output io.Writer) error {
 		for i := 0; i < len(regexReplacements); i++ {
 			// Apply the first three patterns only if the line contains "module":"feed",
 			// "module":"filter", "repo":"release", or "module":"action"
-			if i < 3 {
+			if i < 4 {
 				if bFilter {
 					line = regexReplacements[i].pattern.ReplaceAllString(line, regexReplacements[i].repl)
 				}