authorZeger-Jan van de Weg <git@zjvandeweg.nl>2018-11-09 13:17:03 +0300
committerZeger-Jan van de Weg <git@zjvandeweg.nl>2018-11-27 14:16:43 +0300
commit14cba74f46401020b15415ea0454c5081418677e (patch)
tree36a8ff9df8563b583b69fb87f5c901d0799f8ade
parent48512ae7537da17ca680710e9b7160633d9e9a14 (diff)
Introduce a security func to scrub error messages
This helper was around already, so this is a duplication, but now it's tested. Later we could move all other occurrences to leverage this helper.
-rw-r--r--internal/helper/security.go11
-rw-r--r--internal/helper/security_test.go18
2 files changed, 29 insertions, 0 deletions
diff --git a/internal/helper/security.go b/internal/helper/security.go
index 8dae4f9c5..afbcced9d 100644
--- a/internal/helper/security.go
+++ b/internal/helper/security.go
@@ -2,6 +2,7 @@ package helper
import (
"os"
+ "regexp"
"strings"
)
@@ -13,3 +14,13 @@ func ContainsPathTraversal(path string) bool {
strings.Contains(path, separator+".."+separator) ||
strings.HasSuffix(path, separator+"..")
}
+
+// Pattern taken from Regular Expressions Cookbook, slightly modified though
+// |Scheme |User |Named/IPv4 host|IPv6+ host
+var hostPattern = regexp.MustCompile(`(?i)([a-z][a-z0-9+\-.]*://)([a-z0-9\-._~%!$&'()*+,;=:]+@)([a-z0-9\-._~%]+|\[[a-z0-9\-._~%!$&'()*+,;=:]+\])`)
+
+// SanitizeString will clean password and tokens from URLs, and replace them
+// with [FILTERED].
+func SanitizeString(str string) string {
+ return hostPattern.ReplaceAllString(str, "$1[FILTERED]@$3$4")
+}
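Review bot: The doc comment on SanitizeString promises more than hostPattern delivers. Only the userinfo part directly after the scheme is replaced, so a token carried in a path or query string passes through unchanged. As the pattern reads, a password containing a character outside the userinfo class (a raw `@`, for instance) would be only partly replaced, leaving its tail in the output. I would reword the comment to `// SanitizeString replaces the userinfo part (user[:password]@) of URLs in str with [FILTERED]; credentials elsewhere in the URL are left untouched.` so callers do not treat it as a complete secret scrubber. The replacement template also refers to `$4`, but the pattern has only three capture groups, so that always expands to the empty string; `"$1[FILTERED]@$3"` is equivalent and less confusing.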
diff --git a/internal/helper/security_test.go b/internal/helper/security_test.go
index cd31d9f73..9a8125dac 100644
--- a/internal/helper/security_test.go
+++ b/internal/helper/security_test.go
@@ -22,3 +22,21 @@ func TestContainsPathTraversal(t *testing.T) {
assert.Equal(t, tc.containsTraversal, ContainsPathTraversal(tc.path))
}
}
+
+func TestSanitizeString(t *testing.T) {
+ testCases := []struct {
+ input string
+ output string
+ }{
+ {"https://foo_the_user@gitlab.com/foo/bar", "https://[FILTERED]@gitlab.com/foo/bar"},
+ {"https://foo_the_user:hUntEr1@gitlab.com/foo/bar", "https://[FILTERED]@gitlab.com/foo/bar"},
+ {"proto://user:password@gitlab.com", "proto://[FILTERED]@gitlab.com"},
+ {"some message proto://user:password@gitlab.com", "some message proto://[FILTERED]@gitlab.com"},
+ {"test", "test"},
+ {"ssh://@gitlab.com", "ssh://@gitlab.com"},
+ }
+
+ for _, tc := range testCases {
+ assert.Equal(t, tc.output, SanitizeString(tc.input))
+ }
+}
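Review bot: The table in TestSanitizeString never reaches the bracketed-host alternative of hostPattern, and no input carries two URLs in one message, so the `\[...\]` branch and the replace-all behaviour are both untested. A constructed row such as `{"https://user:password@[::1]/foo", "https://[FILTERED]@[::1]/foo"}` would cover the first. Since this helper guards what ends up in error messages, a row pinning the current output for a password with an unencoded `@` would also document the known limit. Wrapping each case in `t.Run(tc.input, ...)` would make a failing row easier to identify than assert.Equal in a bare loop.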