feat(logs): sanitize basic auth in urls (#1188)

* Added regex pattern to capture credentials used to bypass auth

* Updated test case for log sanitisation

* Changed replacement pattern

* Update logs_sanitize_test.go

* fix: reorder regex patterns

---------

Co-authored-by: soup <soup@r4tio.dev>
Daniel Williams 2023-10-28 11:04:57 +01:00 committed by GitHub
parent 69f7cce116
commit 5225c1e956
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions


@ -109,6 +109,10 @@ var (
pattern: regexp.MustCompile(`(https?://[^\s]+/((rss/download/[a-zA-Z0-9]+/)|torrent/download/((auto\.[a-zA-Z0-9]+\.|[a-zA-Z0-9]+\.))))([a-zA-Z0-9]+)`), pattern: regexp.MustCompile(`(https?://[^\s]+/((rss/download/[a-zA-Z0-9]+/)|torrent/download/((auto\.[a-zA-Z0-9]+\.|[a-zA-Z0-9]+\.))))([a-zA-Z0-9]+)`),
repl: "${1}REDACTED", repl: "${1}REDACTED",
}, },
{
pattern: regexp.MustCompile(`(https?://)(.*?):(.*?)@`),
repl: "${1}REDACTED_USER:REDACTED_PW@",
},
{ {
pattern: regexp.MustCompile(`(NickServ IDENTIFY )([\p{L}0-9!#%&*+/:;<=>?@^_` + "`" + `{|}~]+)`), pattern: regexp.MustCompile(`(NickServ IDENTIFY )([\p{L}0-9!#%&*+/:;<=>?@^_` + "`" + `{|}~]+)`),
repl: "${1}REDACTED", repl: "${1}REDACTED",
@ -175,7 +179,7 @@ func SanitizeLogFile(filePath string, output io.Writer) error {
for i := 0; i < len(regexReplacements); i++ { for i := 0; i < len(regexReplacements); i++ {
// Apply the first three patterns only if the line contains "module":"feed", // Apply the first three patterns only if the line contains "module":"feed",
// "module":"filter", "repo":"release", or "module":"action" // "module":"filter", "repo":"release", or "module":"action"
if i < 3 { if i < 4 {
if bFilter { if bFilter {
line = regexReplacements[i].pattern.ReplaceAllString(line, regexReplacements[i].repl) line = regexReplacements[i].pattern.ReplaceAllString(line, regexReplacements[i].repl)
} }
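Review bot: The added pattern `(https?://)(.*?):(.*?)@` is not confined to the URL authority, so its lazy groups can run past the host: a credential-free URL with a port followed later on the line by any `@` is rewritten from the scheme up to that `@`, and a password holding an unencoded `@` is redacted only up to its first `@`, leaving the tail in the sanitized log. Bounding the classes keeps the match inside the userinfo, for example `(https?://)[^\s/?#:@]+:[^\s/?#]*@` with the same `${1}REDACTED_USER:REDACTED_PW@` replacement. The comment above `if i < 4 {` still says "the first three patterns" and should read four; the bare index is also easy to miss the next time an entry is inserted. Because the entry sits inside the `bFilter`-gated range, credentialed URLs on lines from other modules would presumably pass through unredacted, so consider placing it after the gated entries. Both the `var (` block and the body of `SanitizeLogFile` continue outside the visible hunks.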


@ -153,6 +153,10 @@ func TestSanitizeLogFile(t *testing.T) {
input: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"ad789a9s8d.asdpoiasdpojads09sad809\\\",\\n \\\"minratio\\\": 10.0\\n", input: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"ad789a9s8d.asdpoiasdpojads09sad809\\\",\\n \\\"minratio\\\": 10.0\\n",
expected: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"REDACTED\\\",\\n \\\"minratio\\\": 10.0\\n", expected: "\"module\":\"filter\" \\\"id\\\": 3855,\\n \\\"apikey\\\": \\\"REDACTED\\\",\\n \\\"minratio\\\": 10.0\\n",
}, },
{
input: "\"module\":\"filter\" request: https://username:password@111.server.name.here/qbittorrent/api/v2/torrents/info: error making request",
expected: "\"module\":\"filter\" request: https://REDACTED_USER:REDACTED_PW@111.server.name.here/qbittorrent/api/v2/torrents/info: error making request",
},
} }
for _, testCase := range testCases { for _, testCase := range testCases {