djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Redact some params of URLs in logs to avoid printing sensitive info

Browse Source
This commit is contained in:
Ryan Richard 2021-04-15 07:59:38 -07:00
parent 12a3636351
commit 5c28d36c9b
3 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
test/integration/concierge_impersonation_proxy_test.go
View File

@ -745,7 +745,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
dialer.Proxy = func(req *http.Request) (*url.URL, error) { dialer.Proxy = func(req *http.Request) (*url.URL, error) {
proxyURL, err := url.Parse(env.Proxy) proxyURL, err := url.Parse(env.Proxy)
require.NoError(t, err) require.NoError(t, err)
t.Logf("passing request for %s through proxy %s", req.URL, proxyURL.String()) t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), proxyURL.String())
return proxyURL, nil return proxyURL, nil
} }
} }
@ -823,7 +823,7 @@ func TestImpersonationProxy(t *testing.T) { //nolint:gocyclo // yeah, it's compl
httpTransport.Proxy = func(req *http.Request) (*url.URL, error) { httpTransport.Proxy = func(req *http.Request) (*url.URL, error) {
proxyURL, err := url.Parse(env.Proxy) proxyURL, err := url.Parse(env.Proxy)
require.NoError(t, err) require.NoError(t, err)
t.Logf("passing request for %s through proxy %s", req.URL, proxyURL.String()) t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), proxyURL.String())
return proxyURL, nil return proxyURL, nil
} }
} }
@ -1146,7 +1146,7 @@ func kubeconfigProxyFunc(t *testing.T, squidProxyURL string) func(req *http.Requ
t.Helper() t.Helper()
parsedSquidProxyURL, err := url.Parse(squidProxyURL) parsedSquidProxyURL, err := url.Parse(squidProxyURL)
require.NoError(t, err) require.NoError(t, err)
t.Logf("passing request for %s through proxy %s", req.URL, parsedSquidProxyURL.String()) t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), parsedSquidProxyURL.String())
return parsedSquidProxyURL, nil return parsedSquidProxyURL, nil
} }
} }

4
test/integration/supervisor_login_test.go
View File

@ -157,12 +157,12 @@ func testSupervisorLogin(
return nil, nil return nil, nil
} }
if env.Proxy == "" { if env.Proxy == "" {
t.Logf("passing request for %s with no proxy", req.URL) t.Logf("passing request for %s with no proxy", library.RedactURLParams(req.URL))
return nil, nil return nil, nil
} }
proxyURL, err := url.Parse(env.Proxy) proxyURL, err := url.Parse(env.Proxy)
require.NoError(t, err) require.NoError(t, err)
t.Logf("passing request for %s through proxy %s", req.URL, proxyURL.String()) t.Logf("passing request for %s through proxy %s", library.RedactURLParams(req.URL), proxyURL.String())
return proxyURL, nil return proxyURL, nil
}, },
}, },

13
test/library/iotest.go
View File

@ -6,6 +6,7 @@ package library
import ( import (
"fmt" "fmt"
"io" "io"
"net/url"
"regexp" "regexp"
"strings" "strings"
"testing" "testing"
@ -50,3 +51,15 @@ func MaskTokens(in string) string {
return fmt.Sprintf("[...%d bytes...]", len(t)) return fmt.Sprintf("[...%d bytes...]", len(t))
}) })
} }
// Remove any potentially sensitive query param and fragment values for test logging.
func RedactURLParams(fullURL *url.URL) string {
copyOfURL, _ := url.Parse(fullURL.String())
if len(copyOfURL.RawQuery) > 0 {
copyOfURL.RawQuery = "redacted"
}
if len(copyOfURL.Fragment) > 0 {
copyOfURL.Fragment = "redacted"
}
return copyOfURL.String()
}