fix: Improve token redaction in CLI arg logging #2118
Merged
#2115 aimed to redact auth tokens when logging the arguments to the CLI. Although that change addressed some cases where auth tokens were passed as a CLI argument, not all cases were addressed. For example, the following was redacted properly with #2115:
But, the following was not:
The difference is that in the second example, the auth token is passed with `--auth-token=token` rather than separated by whitespace `--auth-token token`.

This change improves the redacting so that auth tokens passed like `--auth-token=token` are also redacted. The change also redacts any non-whitespace-containing substrings starting with `sntrys_` or `sntryu_` (prefixes that all auth tokens generated in the latest version of Sentry should start with), so that if an auth token appears where it is not expected, we redact it. For example, the following would be redacted with this change:

Note that as in #2115, this change is only relevant in the case where the log level is set to `info` or `debug` (the default is `warn`) – command line arguments are logged at the `info` level.
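The three redaction rules described above (`--auth-token token`, `--auth-token=token`, and any non-whitespace run starting with `sntrys_` or `sntryu_`), as an added standard-library sketch that is not the code from this PR or from sentry-cli. The names `redact_args` and `mask_prefixed`, the `(redacted)` mask string, and the sample arguments are assumptions constructed for illustration.

```rust
const MASK: &str = "(redacted)";
const TOKEN_PREFIXES: [&str; 2] = ["sntrys_", "sntryu_"];

/// Mask every non-whitespace run that starts at a known token prefix.
fn mask_prefixed(arg: &str) -> String {
    let mut out = String::with_capacity(arg.len());
    let mut rest = arg;
    loop {
        // Earliest occurrence of any prefix in the text not yet copied.
        match TOKEN_PREFIXES.iter().filter_map(|p| rest.find(*p)).min() {
            Some(start) => {
                out.push_str(&rest[..start]);
                out.push_str(MASK);
                // The token runs until the next whitespace or end of string.
                let tail = &rest[start..];
                let end = tail.find(char::is_whitespace).unwrap_or(tail.len());
                rest = &tail[end..];
            }
            None => {
                out.push_str(rest);
                return out;
            }
        }
    }
}

/// Build the form of the argument vector that is safe to write to the log.
fn redact_args(args: &[&str]) -> Vec<String> {
    let mut out = Vec::with_capacity(args.len());
    let mut mask_next = false; // set after a bare `--auth-token`
    for arg in args {
        if mask_next {
            out.push(MASK.to_string());
            mask_next = false;
        } else if *arg == "--auth-token" {
            out.push(arg.to_string());
            mask_next = true;
        } else if arg.starts_with("--auth-token=") {
            out.push(format!("--auth-token={}", MASK));
        } else {
            out.push(mask_prefixed(arg));
        }
    }
    out
}

fn main() {
    let args = ["sentry-cli", "--auth-token=abc123", "info"]; // constructed sample
    println!("{}", redact_args(&args).join(" "));
}
```

The prefix scan is applied to every argument that is not the token flag itself, which covers tokens embedded in a longer value such as a header string.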