Merge pull request #65 from blakeroberts-wk/sanitizeApiKeyForLogging

sanitize API key for logging on harvester creation
newrelic · Jul 2, 2021 · a9d1b33 · a9d1b33
2 parents 8699fa2 + c20edd5
commit a9d1b33
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/telemetry/harvester.go b/telemetry/harvester.go
@@ -11,6 +11,7 @@ import (
 	"math/rand"
 	"net/http"
 	"net/url"
+	"strings"
 	"sync"
 	"time"
 
@@ -42,6 +43,9 @@ const (
 	// NOTE:  These constant values are used in Config field doc comments.
 	defaultHarvestPeriod  = 5 * time.Second
 	defaultHarvestTimeout = 15 * time.Second
+
+	// euKeyPrefix is used to sanitize the api-key for logging.
+	euKeyPrefix = "eu01xx"
 )
 
 var (
@@ -144,7 +148,7 @@ func NewHarvester(options ...func(*Config)) (*Harvester, error) {
 
 	h.config.logDebug(map[string]interface{}{
 		"event":                  "harvester created",
-		"api-key":                h.config.APIKey,
+		"api-key":                sanitizeAPIKeyForLogging(h.config.APIKey),
 		"harvest-period-seconds": h.config.HarvestPeriod.Seconds(),
 		"metrics-url-override":   h.config.MetricsURLOverride,
 		"spans-url-override":     h.config.SpansURLOverride,
@@ -160,6 +164,17 @@ func NewHarvester(options ...func(*Config)) (*Harvester, error) {
 	return h, nil
 }
 
+func sanitizeAPIKeyForLogging(apiKey string) string {
+	if len(apiKey) <= 8 {
+		return apiKey
+	}
+	end := 8
+	if strings.HasPrefix(apiKey, euKeyPrefix) {
+		end += len(euKeyPrefix)
+	}
+	return apiKey[:end]
+}
+
 var (
 	errSpanIDUnset     = errors.New("span id must be set")
 	errTraceIDUnset    = errors.New("trace id must be set")

diff --git a/telemetry/harvester_test.go b/telemetry/harvester_test.go
@@ -129,6 +129,19 @@ func validateReqUsedCorrectEndpointValues(reqs []*http.Request, expectedURL stri
 	}
 }
 
+func TestSanitizeApiKeyForLogging(t *testing.T) {
+	assertEqual := func(expected, actual string) {
+		if actual != expected {
+			t.Errorf("Got %s but expected %s", actual, expected)
+		}
+	}
+	assertEqual("", sanitizeAPIKeyForLogging(""))
+	assertEqual("", sanitizeAPIKeyForLogging(""))
+	assertEqual("foo", sanitizeAPIKeyForLogging("foo"))
+	assertEqual("foobarba", sanitizeAPIKeyForLogging("foobarbazqux"))
+	assertEqual("eu01xxfoobarba", sanitizeAPIKeyForLogging("eu01xxfoobarbazqux"))
+}
+
 func TestHarvesterRecordSpan(t *testing.T) {
 	t.Parallel()