fix: made sure any tokens output in the logs are now censored (#143)
lindell authored Jun 17, 2021
1 parent fbf3069 commit 0e5cee7
Showing 2 changed files with 59 additions and 4 deletions.
25 changes: 21 additions & 4 deletions cmd/root.go
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/lindell/multi-gitter/internal/git/cmdgit"
"github.com/lindell/multi-gitter/internal/git/gogit"
"github.com/lindell/multi-gitter/internal/http"
internallog "github.com/lindell/multi-gitter/internal/log"
"github.com/lindell/multi-gitter/internal/multigitter"
"github.com/lindell/multi-gitter/internal/scm/gitea"
"github.com/lindell/multi-gitter/internal/scm/github"
Expand Down Expand Up @@ -200,19 +201,35 @@ func logFlagInit(cmd *cobra.Command, args []string) error {

// Parse and set the log format
strFormat, _ := cmd.Flags().GetString("log-format")

var formatter log.Formatter
switch strFormat {
case "text":
log.SetFormatter(&log.TextFormatter{})
formatter = &log.TextFormatter{}
case "json":
log.SetFormatter(&log.JSONFormatter{})
formatter = &log.JSONFormatter{}
case "json-pretty":
log.SetFormatter(&log.JSONFormatter{
formatter = &log.JSONFormatter{
PrettyPrint: true,
})
}
default:
return fmt.Errorf(`unknown log-format "%s"`, strFormat)
}

// Make sure sensitive data is censored before logging them
var censorItems []internallog.CensorItem
if token, err := getToken(cmd.Flags()); err == nil && token != "" {
censorItems = append(censorItems, internallog.CensorItem{
Sensitive: token,
Replacement: "<TOKEN>",
})
}

log.SetFormatter(&internallog.CensorFormatter{
CensorItems: censorItems,
UnderlyingFormatter: formatter,
})

// Set the output (file)
strFile, _ := cmd.Flags().GetString("log-file")
if strFile == "" {
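Review bot: The censor list built after the format switch in logFlagInit holds only the literal token, so any transformed copy of it still reaches the log. If the token is ever placed in a URL or an HTTP Basic header elsewhere in the program (not visible in this hunk), its percent-escaped or base64 form will not match; consider registering those forms as extra items, for example one with `Sensitive: url.QueryEscape(token)`. A failed `getToken` also skips censoring without any trace, so a comment such as `// no token could be resolved, so there is nothing to censor` would show that the discarded error is deliberate. logFlagInit starts and ends outside this hunk.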
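--- a/internal/log/censor-formatter.go
+++ b/internal/log/censor-formatter.go
@@ -0,0 +1,38 @@
+package log
+
+import (
+"bytes"
+"strings"
+
+log "github.com/sirupsen/logrus"
+)
+
+// CensorFormatter makes sure sensitive data is not logged.
+// It works as a middleware and sensors the data before sending it to an underlying formatter
+type CensorFormatter struct {
+CensorItems []CensorItem
+UnderlyingFormatter log.Formatter
+}
+
+// CensorItem is something that should be censored, Sensitive will be replaced with Replacement
+type CensorItem struct {
+Sensitive string
+Replacement string
+}
+
+// Format censors some data and sends the entry to the underlying formatter
+func (f *CensorFormatter) Format(entry *log.Entry) ([]byte, error) {
+for _, s := range f.CensorItems {
+entry.Message = strings.ReplaceAll(entry.Message, s.Sensitive, s.Replacement)
+
+for key := range entry.Data {
+if str, ok := entry.Data[key].(string); ok {
+entry.Data[key] = strings.ReplaceAll(str, s.Sensitive, s.Replacement)
+}
+if bb, ok := entry.Data[key].([]byte); ok {
+entry.Data[key] = bytes.ReplaceAll(bb, []byte(s.Sensitive), []byte(s.Replacement))
+}
+}
+}
+return f.UnderlyingFormatter.Format(entry)
+}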
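Review bot: `Format` censors only `entry.Message` and fields whose dynamic type is `string` or `[]byte`, so a token carried inside an `error`, a `fmt.Stringer` or a struct field is handed to the underlying formatter untouched. Errors are a likely carrier, since a failed request or git command may quote the URL or header that held the token (the callers are not shown here). Running the replacements once more over the bytes returned by `UnderlyingFormatter.Format` closes that gap; a JSON formatter may escape some characters of the secret, so the field-level pass should stay as well. The loop should also skip an empty `Sensitive`, because `strings.ReplaceAll` with an empty old string inserts the replacement between every character, and the doc comment should state that `entry.Message` and `entry.Data` are rewritten in place.

```go
func (f *CensorFormatter) Format(entry *log.Entry) ([]byte, error) {
	// … unchanged: per-item censoring of entry.Message and string/[]byte fields …
	out, err := f.UnderlyingFormatter.Format(entry)
	if err != nil {
		return nil, err
	}
	// Second pass over the rendered line: covers field values the type
	// assertions above skip (error, fmt.Stringer, structs, nested values).
	for _, s := range f.CensorItems {
		if s.Sensitive == "" {
			continue
		}
		out = bytes.ReplaceAll(out, []byte(s.Sensitive), []byte(s.Replacement))
	}
	return out, nil
}
```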
