avoid showing full basic auth creds in proxy endpoint logs
Showing
4 changed files
with
133 additions
and
37 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
package tools | ||
|
||
import ( | ||
"net/url" | ||
"strings" | ||
) | ||
|
||
// StripPassword from URL address. | ||
func StripPassword(address string) string { | ||
u, err := url.Parse(address) | ||
if err != nil { | ||
return address | ||
} | ||
pass, passSet := u.User.Password() | ||
if passSet { | ||
return strings.Replace(u.String(), pass+"@", "***@", 1) | ||
} | ||
return u.String() | ||
} | ||
|
||
// GetLogAddresses returns a string with addresses (concatenated with comma) | ||
// with password stripped from each address. | ||
func GetLogAddresses(addresses []string) string { | ||
cleanedAddresses := make([]string, 0, len(addresses)) | ||
for _, a := range addresses { | ||
cleanedAddress := StripPassword(a) | ||
cleanedAddresses = append(cleanedAddresses, cleanedAddress) | ||
} | ||
return strings.Join(cleanedAddresses, ", ") | ||
} | ||
|
||
// RedactedLogURLs prepares URLs to be logged or shown in UI stripping auth info from them. | ||
func RedactedLogURLs(urls ...string) []string { | ||
var result []string | ||
|
||
for _, input := range urls { | ||
// Split the input by commas to handle comma-separated URLs. | ||
urlParts := strings.Split(input, ",") | ||
var cleanedParts []string | ||
|
||
for _, urlString := range urlParts { | ||
parsedURL, err := url.Parse(strings.TrimSpace(urlString)) | ||
var cleanedURL string | ||
if err != nil { | ||
cleanedURL = "<invalid_url>" | ||
} else { | ||
cleanedURL = parsedURL.Redacted() | ||
} | ||
cleanedParts = append(cleanedParts, cleanedURL) | ||
} | ||
|
||
// Combine the cleaned URLs back into a comma-separated string. | ||
if len(cleanedParts) > 0 { | ||
result = append(result, strings.Join(cleanedParts, ",")) | ||
} | ||
} | ||
|
||
return result | ||
} |
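Review bot: In `StripPassword`, `strings.Replace(u.String(), pass+"@", "***@", 1)` searches for the decoded password, but `u.String()` emits the userinfo percent-encoded, so a password containing characters that get escaped will not match and the URL is returned with the credential intact. The `err != nil` branch also returns `address` unchanged, so an unparsable address that carries credentials reaches the log verbatim, whereas `RedactedLogURLs` in the same file substitutes `<invalid_url>`. Consider reusing the standard-library redaction already used further down: `return u.Redacted()` on success and `return "<invalid_url>"` on parse failure. This changes the mask from `***` to the library's placeholder, so any caller or test matching `***@` would need updating.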
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
package tools | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
// TestGetLogURLs tests the RedactedLogURLs function using Redacted method. | ||
func TestGetLogURLs(t *testing.T) { | ||
t.Run("Single URL with auth info", func(t *testing.T) { | ||
input := "https://user:[email protected]/resource" | ||
expected := []string{"https://user:[email protected]/resource"} | ||
actual := RedactedLogURLs(input) | ||
require.Equal(t, expected, actual) | ||
}) | ||
|
||
t.Run("Multiple URLs with mixed auth info", func(t *testing.T) { | ||
input := "https://user:[email protected]/resource,https://another.com" | ||
expected := []string{"https://user:[email protected]/resource,https://another.com"} | ||
actual := RedactedLogURLs(input) | ||
require.Equal(t, expected, actual) | ||
}) | ||
|
||
t.Run("Multiple URLs with mixed spaces", func(t *testing.T) { | ||
input := "https://user:[email protected]/resource, https://another.com" | ||
expected := []string{"https://user:[email protected]/resource,https://another.com"} | ||
actual := RedactedLogURLs(input) | ||
require.Equal(t, expected, actual) | ||
}) | ||
|
||
t.Run("Single URL without auth info", func(t *testing.T) { | ||
input := "https://domain.com/resource" | ||
expected := []string{"https://domain.com/resource"} | ||
actual := RedactedLogURLs(input) | ||
require.Equal(t, expected, actual) | ||
}) | ||
|
||
t.Run("Invalid URL", func(t *testing.T) { | ||
input := "://invalid-url" | ||
expected := []string{"<invalid_url>"} | ||
actual := RedactedLogURLs(input) | ||
require.Equal(t, expected, actual) | ||
}) | ||
|
||
t.Run("Mixed valid and invalid URLs", func(t *testing.T) { | ||
input := "https://user:[email protected]/resource, ://invalid-url, https://valid.com" | ||
expected := []string{"https://user:[email protected]/resource,<invalid_url>,https://valid.com"} | ||
actual := RedactedLogURLs(input) | ||
require.Equal(t, expected, actual) | ||
}) | ||
|
||
t.Run("Multiple comma-separated URLs with auth", func(t *testing.T) { | ||
input := "https://user:[email protected], https://admin:[email protected], httpss://example.com/resource" | ||
expected := []string{"https://user:[email protected],https://admin:[email protected],httpss://example.com/resource"} | ||
actual := RedactedLogURLs(input) | ||
require.Equal(t, expected, actual) | ||
}) | ||
|
||
t.Run("GRPC addresses work correctly", func(t *testing.T) { | ||
// We use such format for GRPC proxy config. | ||
input := []string{"grpc://user:[email protected]:9000", "grpc://127.0.0.1:10000"} | ||
expected := []string{"grpc://user:[email protected]:9000", "grpc://127.0.0.1:10000"} | ||
actual := RedactedLogURLs(input...) | ||
require.Equal(t, expected, actual) | ||
}) | ||
} |
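Review bot: None of the subtests covers a credential that contains a comma, yet `RedactedLogURLs` splits each input on `,` before parsing, so such a URL would be cut inside its userinfo and the pieces parsed separately; the tail of the password may then come back in the output as an ordinary path. A subtest for that input, asserting something like `require.NotContains(t, actual[0], "<password-tail>")`, would pin the behaviour down. The function is also named `TestGetLogURLs` while it exercises `RedactedLogURLs`, so `func TestRedactedLogURLs(t *testing.T) {` would match. `StripPassword` and `GetLogAddresses` have no cases in this file.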