Redact some params of URLs in logs to avoid printing sensitive info

2021-04-15 07:59:38 -07:00 · 2021-04-15 07:59:38 -07:00 · 5c28d36c9b
commit 5c28d36c9b
parent 12a3636351
3 changed files with 18 additions and 5 deletions
--- a/test/integration/concierge_impersonation_proxy_test.go
+++ b/test/integration/concierge_impersonation_proxy_test.go
@ -745,7 +745,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
 				dialer.Proxy = func(req *http.Request) (*url.URL, error) {
 					proxyURL, err := url.Parse(env.Proxy)
 					require.NoError(t, err)
-					t.Logf("passing request for %s through proxy %s", req.URL, proxyURL.String())
+					t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), proxyURL.String())
 					return proxyURL, nil
 				}
 			}
@ -823,7 +823,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
 				httpTransport.Proxy = func(req *http.Request) (*url.URL, error) {
 					proxyURL, err := url.Parse(env.Proxy)
 					require.NoError(t, err)
-					t.Logf("passing request for %s through proxy %s", req.URL, proxyURL.String())
+					t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), proxyURL.String())
 					return proxyURL, nil
 				}
 			}
@ -1146,7 +1146,7 @@ func kubeconfigProxyFunc(t *testing.T, squidProxyURL string) func(req *http.Requ
 		t.Helper()
 		parsedSquidProxyURL, err := url.Parse(squidProxyURL)
 		require.NoError(t, err)
-		t.Logf("passing request for %s through proxy %s", req.URL, parsedSquidProxyURL.String())
+		t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), parsedSquidProxyURL.String())
 		return parsedSquidProxyURL, nil
 	}
 }
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@ -157,12 +157,12 @@ func testSupervisorLogin(
 					return nil, nil
 				}
 				if env.Proxy == "" {
-					t.Logf("passing request for %s with no proxy", req.URL)
+					t.Logf("passing request for %s with no proxy", library.RedactURLParams(req.URL))
 					return nil, nil
 				}
 				proxyURL, err := url.Parse(env.Proxy)
 				require.NoError(t, err)
-				t.Logf("passing request for %s through proxy %s", req.URL, proxyURL.String())
+				t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), proxyURL.String())
 				return proxyURL, nil
 			},
 		},
--- a/test/library/iotest.go
+++ b/test/library/iotest.go
@ -6,6 +6,7 @@ package library
 import (
 	"fmt"
 	"io"
+	"net/url"
 	"regexp"
 	"strings"
 	"testing"
@ -50,3 +51,15 @@ func MaskTokens(in string) string {
 		return fmt.Sprintf("[...%d bytes...]", len(t))
 	})
 }
+
+// Remove any potentially sensitive query param and fragment values for test logging.
+func RedactURLParams(fullURL *url.URL) string {
+	copyOfURL, _ := url.Parse(fullURL.String())
+	if len(copyOfURL.RawQuery) > 0 {
+		copyOfURL.RawQuery = "redacted"
+	}
+	if len(copyOfURL.Fragment) > 0 {
+		copyOfURL.Fragment = "redacted"
+	}
+	return copyOfURL.String()
+}