mirror of https://github.com/0xERR0R/blocky.git
fix(log): don't print querylog target password when using a database
This commit is contained in:
parent
28f979fdf7
commit
2c6b704433
|
@ -1,6 +1,9 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
|
@ -32,7 +35,7 @@ func (c *QueryLog) LogConfig(logger *logrus.Entry) {
|
|||
logger.Infof("type: %s", c.Type)
|
||||
|
||||
if c.Target != "" {
|
||||
logger.Infof("target: %s", c.Target)
|
||||
logger.Infof("target: %s", c.censoredTarget())
|
||||
}
|
||||
|
||||
logger.Infof("logRetentionDays: %d", c.LogRetentionDays)
|
||||
|
@ -41,3 +44,27 @@ func (c *QueryLog) LogConfig(logger *logrus.Entry) {
|
|||
logger.Infof("flushInterval: %s", c.FlushInterval)
|
||||
logger.Infof("fields: %s", c.Fields)
|
||||
}
|
||||
|
||||
func (c *QueryLog) censoredTarget() string {
|
||||
// Make sure there's a scheme, otherwise the user is parsed as the scheme
|
||||
targetStr := c.Target
|
||||
if !strings.Contains(targetStr, "://") {
|
||||
targetStr = c.Type.String() + "://" + targetStr
|
||||
}
|
||||
|
||||
target, err := url.Parse(targetStr)
|
||||
if err != nil {
|
||||
return c.Target
|
||||
}
|
||||
|
||||
if target.User == nil {
|
||||
return c.Target
|
||||
}
|
||||
|
||||
// Drop the password since special chars like * get URL escaped
|
||||
if pass, hasPass :=target.User.Password(); hasPass {
|
||||
return strings.Replace(target.String(), pass, strings.Repeat("*", len(pass)), 1)
|
||||
}
|
||||
|
||||
return target.String()
|
||||
}
|
||||
|
|
|
@ -55,6 +55,21 @@ var _ = Describe("QueryLogConfig", func() {
|
|||
Expect(hook.Calls).ShouldNot(BeEmpty())
|
||||
Expect(hook.Messages).Should(ContainElement(ContainSubstring("logRetentionDays:")))
|
||||
})
|
||||
|
||||
DescribeTable("doesn't print the target password", func(target string) {
|
||||
cfg.Type = QueryLogTypeMysql
|
||||
cfg.Target = target
|
||||
|
||||
cfg.LogConfig(logger)
|
||||
|
||||
Expect(hook.Calls).ShouldNot(BeEmpty())
|
||||
Expect(hook.Messages).ShouldNot(ContainElement(ContainSubstring("password")))
|
||||
},
|
||||
Entry("without scheme", "user:password@localhost"),
|
||||
Entry("with scheme", "scheme://user:password@localhost"),
|
||||
Entry("no password", "localhost"),
|
||||
Entry("not a URL", "invalid!://"),
|
||||
)
|
||||
})
|
||||
|
||||
Describe("SetDefaults", func() {
|
||||
|
|
Loading…
Reference in New Issue