1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
package logsanitizer
import (
"bytes"
"fmt"
"io/ioutil"
"testing"
log "github.com/sirupsen/logrus"
"github.com/stretchr/testify/require"
)
func TestUrlSanitizerHook(t *testing.T) {
outBuf := &bytes.Buffer{}
urlSanitizer := NewURLSanitizerHook()
urlSanitizer.AddPossibleGrpcMethod(
"UpdateRemoteMirror",
"CreateRepositoryFromURL",
)
logger := log.New()
logger.Out = outBuf
logger.Hooks.Add(urlSanitizer)
testCases := []struct {
desc string
logFunc func()
expectedString string
}{
{
desc: "with args",
logFunc: func() {
logger.WithFields(log.Fields{
"grpc.method": "CreateRepositoryFromURL",
"args": []string{"/usr/bin/git", "clone", "--bare", "--", "https://foo_the_user:hUntEr1@gitlab.com/foo/bar", "/home/git/repositories/foo/bar"},
}).Info("spawn")
},
expectedString: "[/usr/bin/git clone --bare -- https://[FILTERED]@gitlab.com/foo/bar /home/git/repositories/foo/bar]",
},
{
desc: "with error",
logFunc: func() {
logger.WithFields(log.Fields{
"grpc.method": "UpdateRemoteMirror",
"error": fmt.Errorf("rpc error: code = Unknown desc = remote: Invalid username or password. fatal: Authentication failed for 'https://foo_the_user:hUntEr1@gitlab.com/foo/bar'"),
}).Error("ERROR")
},
expectedString: "rpc error: code = Unknown desc = remote: Invalid username or password. fatal: Authentication failed for 'https://[FILTERED]@gitlab.com/foo/bar'",
},
{
desc: "with message",
logFunc: func() {
logger.WithFields(log.Fields{
"grpc.method": "CreateRepositoryFromURL",
}).Info("asked for: https://foo_the_user:hUntEr1@gitlab.com/foo/bar")
},
expectedString: "asked for: https://[FILTERED]@gitlab.com/foo/bar",
},
{
desc: "with gRPC method not added to the list",
logFunc: func() {
logger.WithFields(log.Fields{
"grpc.method": "UserDeleteTag",
}).Error("fatal: 'https://foo_the_user:hUntEr1@gitlab.com/foo/bar' is not a valid tag name.")
},
expectedString: "fatal: 'https://foo_the_user:hUntEr1@gitlab.com/foo/bar' is not a valid tag name.",
},
{
desc: "log with URL that does not require sanitization",
logFunc: func() {
logger.WithFields(log.Fields{
"grpc.method": "CreateRepositoryFromURL",
}).Info("asked for: https://gitlab.com/gitlab-org/gitaly")
},
expectedString: "asked for: https://gitlab.com/gitlab-org/gitaly",
},
}
for _, testCase := range testCases {
t.Run(testCase.desc, func(t *testing.T) {
testCase.logFunc()
logOutput := outBuf.String()
require.Contains(t, logOutput, testCase.expectedString)
})
}
}
func BenchmarkUrlSanitizerWithoutSanitization(b *testing.B) {
urlSanitizer := NewURLSanitizerHook()
logger := log.New()
logger.Out = ioutil.Discard
logger.Hooks.Add(urlSanitizer)
benchmarkLogging(logger, b)
}
func BenchmarkUrlSanitizerWithSanitization(b *testing.B) {
urlSanitizer := NewURLSanitizerHook()
urlSanitizer.AddPossibleGrpcMethod(
"UpdateRemoteMirror",
"CreateRepositoryFromURL",
)
logger := log.New()
logger.Out = ioutil.Discard
logger.Hooks.Add(urlSanitizer)
benchmarkLogging(logger, b)
}
func benchmarkLogging(logger *log.Logger, b *testing.B) {
for n := 0; n < b.N; n++ {
logger.WithFields(log.Fields{
"grpc.method": "CreateRepositoryFromURL",
"args": []string{"/usr/bin/git", "clone", "--bare", "--", "https://foo_the_user:hUntEr1@gitlab.com/foo/bar", "/home/git/repositories/foo/bar"},
}).Info("spawn")
logger.WithFields(log.Fields{
"grpc.method": "UpdateRemoteMirror",
"error": fmt.Errorf("rpc error: code = Unknown desc = remote: Invalid username or password. fatal: Authentication failed for 'https://foo_the_user:hUntEr1@gitlab.com/foo/bar'"),
}).Error("ERROR")
logger.WithFields(log.Fields{
"grpc.method": "CreateRepositoryFromURL",
}).Info("asked for: https://foo_the_user:hUntEr1@gitlab.com/foo/bar")
}
}
|