From 2e7e64471c42055e7105b0b0e64f27a2752b526e Mon Sep 17 00:00:00 2001
From: Jeffrey Morgan
Date: Fri, 17 Apr 2015 22:26:36 -0400
Subject: [PATCH] Adding method to filter sensitive data
---
 src/DockerMachine.js | 6 +++---
 src/SetupStore.js | 2 +-
 src/Util-test.js | 35 +++++++++++++++++++++++++++++++++++
 src/Util.js | 12 ++++++++++--
 src/WebUtil.js | 13 +++++++++----
 styles/setup.less | 3 ++-
 6 files changed, 60 insertions(+), 11 deletions(-)
 create mode 100644 src/Util-test.js
diff --git a/src/DockerMachine.js b/src/DockerMachine.js
index 326d963574..f015385b64 100644
--- a/src/DockerMachine.js
+++ b/src/DockerMachine.js
@@ -64,10 +64,10 @@ var DockerMachine = {
 },
 create: function () {
- return util.exec([DockerMachine.command(), 'create', '-d', 'virtualbox', '--virtualbox-memory', '2048', NAME]);
+ return util.exec([DockerMachine.command(), '-D', 'create', '-d', 'virtualbox', '--virtualbox-memory', '2048', NAME]);
 },
 start: function () {
- return util.exec([DockerMachine.command(), 'start', NAME]);
+ return util.exec([DockerMachine.command(), '-D', 'start', NAME]);
 },
 stop: function () {
 return util.exec([DockerMachine.command(), 'stop', NAME]);
@@ -79,7 +79,7 @@ var DockerMachine = {
 return util.exec([DockerMachine.command(), 'rm', '-f', NAME]);
 },
 ip: function () {
- return util.exec([DockerMachine.command(), 'ip', NAME]).then(stdout => {
+ return util.exec([DockerMachine.command(), '-D', 'ip', NAME]).then(stdout => {
 return Promise.resolve(stdout.trim().replace('\n', ''));
 });
 },
diff --git a/src/SetupStore.js b/src/SetupStore.js
index b4bf85df9e..fa91fe4ee9 100644
--- a/src/SetupStore.js
+++ b/src/SetupStore.js
@@ -187,7 +187,6 @@ var SetupStore = assign(Object.create(EventEmitter.prototype), {
 yield this.updateBinaries();
 var steps = yield this.requiredSteps();
 for (let step of steps) {
- console.log(step.name);
 _currentStep = step;
 step.percent = 0;
 while (true) {
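Review bot: In src/DockerMachine.js the `-D` flag is now passed unconditionally to `create`, `start` and `ip`, and the fixture added in src/Util-test.js shows that this debug output echoes the provisioning commands, with certificate and RSA private key PEM blocks inside them. From this commit on, every consumer of these commands' stderr is handling key material, so the calls should carry a comment such as `// -D output contains PEM key material; filter with util.removeSensitiveData before logging or reporting`. For `ip`, where only stdout is used to obtain the address, the flag looks unnecessary and the line could stay `return util.exec([DockerMachine.command(), 'ip', NAME]).then(stdout => {`. The `DockerMachine` object starts and ends outside both hunks.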
@@ -241,6 +240,7 @@ var SetupStore = assign(Object.create(EventEmitter.prototype), {
 });
 bugsnag.notify('SetupError', err.message, {
 error: err,
+ stderr: err.message,
 step: _currentStep
 }, 'info');
 _error = err;
diff --git a/src/Util-test.js b/src/Util-test.js
new file mode 100644
index 0000000000..9f2a205864
--- /dev/null
+++ b/src/Util-test.js
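Review bot: `error: err` is still sent in the same metaData object as the new `stderr: err.message`, and with the `util.exec` change in this patch `err.message` is the raw stderr of the failed command. The `beforeNotify` loop added in src/WebUtil.js filters only top-level values, and `removeSensitiveData` returns anything that is not a string unchanged, so the Error object (and `step`) would pass through unfiltered; whether its message ends up in the report depends on how the bugsnag client serializes it, which is not visible here. Sending only strings removes that dependency: drop `error: err,` since `stderr` already carries the text, or send `error: err.name,`. The enclosing function starts and ends outside the hunk.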
@@ -0,0 +1,35 @@ +jest.dontMock('./Util'); +var util = require('./Util'); + +describe('Util', function () { + describe('removeSensitiveData', function () { + it('filters ssh certificate data', function () { + var testdata = String.raw`time="2015-04-17T21:43:47-04:00" level="debug" msg="executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=30 -o LogLevel=quiet -p 50483 -i /Users/johnappleseed/.docker/machine/machines/dev2/id_rsa docker@localhost sudo mkdir -p /var/lib/boot2docker" time="2015-04-17T21:43:47-04:00" level="debug" msg="executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=30 -o LogLevel=quiet -p 50483 -i /Users/johnappleseed/.docker/machine/machines/dev2/id_rsa docker@localhost echo \"-----BEGIN CERTIFICATE-----\nMIIC+DCCAeKgAwIBAgIRANfIbsa2M94gDY+fBiBiQBkwCwYJKoZIhvcNAQELMBIx\nEDAOBgNVBAoTB2ptb3JnYW4wHhcNMTUwNDE4MDEzODAwWhcNMTgwNDAyMDEzODAw\nWjAPMQ0wCwYDVQQKEwRkZXYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA1yamWT0bk0pRU7eiStjiXe2jkzdeI0SdJZo+bjczkl6kzNW/FmR/OkcP8gHX\nCO3fUCWkR/+rBgz3nuM1Sy0BIUo0EMQGfx17OqIJPXO+BrpCHsXlphHmbQl5bE2Y\nF+bAsGc6WCippw/caNnIHRsb6zAZVYX2AHLYY0fwIDAQABo1AwTjAOBgNVHQ8BAf8EBAMCAKAwHQYD\nVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDwYDVR0R\nBAgwBocEwKhjZTALBgkqhkiG9w0BAQsDggEBAKBdD86+kl4X1VMjgGlNYnc42tWa\nbo1iDl/frxiLkfPSc2McAOm3AqX1ao+ynjqq1XTlBLPTQByu/oNZgA724LRJDfdG\nCKGUV8latW7rB1yhf/SZSmyhNjufuWlgCtbkw7Q/oPddzYuSOdDW8tVok9gMC0vL\naqKCWfVKkCmvGH+8/wPrkYmro/f0uwJ8ee+yrbBPlBE/qE+Lqcfr0YcXEDaS8CmL\nDjWg7KNFpA6M+/tFNQhplbjwRsCt7C4bzQu0aBIG5XH1Jr2HrKlLjWdmluPHWUL6\nX5Vh1bslYJzsSdBNZFWSKShZ+gtRpjtV7NynANDJPQNIRhDxAf4uDY9hA2c=\n-----END CERTIFICATE-----\n\" | sudo tee /var/lib/boot2docker/server.pem" + time="2015-04-17T21:43:47-04:00" level="debug" msg="executing: /usr/bin/VBoxManage showvminfo dev2 --machinereadable"`; + 
expect(util.removeSensitiveData(testdata).indexOf('CERTIFICATE')).toEqual(-1); + expect(util.removeSensitiveData(testdata).indexOf('nX5Vh1bslYJzsSdBNZFWSKShZ+gtRpjtV7NynANDJPQNIRhDxAf4uDY9hA2c')).toEqual(-1); + expect(util.removeSensitiveData(testdata).indexOf('')).toNotEqual(-1); + }); + + it('filters ssh private key data', function () { + var testdata = String.raw`hZbuxglOtQv2AQqOp/luhZ3Y8kDs4cqRzoA1o+k+LAyjEb+Nk\nGA8=\n-----END CERTIFICATE-----\n\" | sudo tee /var/lib/boot2docker/ca.pem" + time="2015-04-17T21:43:47-04:00" level="debug" msg="executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=30 -o LogLevel=quiet -p 50483 -i /Users/johnappleseed/.docker/machine/machines/dev2/id_rsa docker@localhost echo \"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA1yamWT0bk0pRU7eiStjiXe2jkzdeI0SdJZo+bjczkl6kzNW/\nFmR/OkcP8gHXCO3fUCWkR/+rBgz3nuM1Sy0BIUo0EMQGfx17OqIJPXO+BrpCHsXl\nphHmbQl5bE2YF+bAsGc6WCippczQIu5bPweeAkR1WdlkhD08tHD4o1ESe09fXx5G\nXcZFfd2xQWdvAJX3fTuGBk3IMEF2fye5b69zUyVDGbTylyjKDOi9Xxdlc4y9cOPw\nzcwQFCOJiCBYlxDO0fbinA+KigCs29Dd5U3oXbloLr3JQTE/SkxFh9W5rkX8ysY4\n2h3EnR7YIBWt/caNnIHRsb6zAZVYX2AHLYY0fwIDAQABAoIBAQDKF3TTh/G59WnU\n4D2iXnyqy8gFRVG4gP+3TV3s+w8HIr1b5j6akwVqwUs5//5zVbSYPPNF6eJESbPi\nW/s4ROq10VR8lxSfHBsfJQrW3TwWZ6gp7atbxZ6Stv6F+5CsisReLmiAXJmVsn+j\nAA9Xchk6egFcxzWCfV7jAuaZyVI53cclepm/xkGjPwrfXr+nA+UMvO6DllC6IcBF\no4+O0jVtzdMecZnQk6nWxNJjurodTTQakrNAqSMgBshn48wf3N35b+p8RtTzLJ8L\nYuHkv6OKMITIazcHadjsN8icGgIGf2BJ1CRje7j0Yzow8jwY+Pet3yxKSfXED89B\nD34AEXl5AoGBANi17og+yPFOWURUrksO/QyzlOtXcQdQu8SmkUj4ACoqF0gegQIb\nC/DNMcYxJAsPPgw/t5Ws/af8DuatYguGukmekYREVjc7DS/hPWDZzeavPd95cOw0\nuMPgJE76HJ3BSYcp1f8WKcN+xDket9CF6Qz+VX5aQSUEc333V5h7D/nzAoGBAP4o\nVCvQu5eKYmDhMFSOA0+Qm3EECRqMLoH6kpEcbMjM8+kOeI0fUuE3CX8nzs7P4py/\n0IFj2Yxl578NHJOjCpbB1UKtxLkmDH42wXXzrWJXRaWXC93dh1sl0aB6qE25FtSD\nzjYh4y1DA/t6y95YRrIqC2WhIU7eigIoujmtOFJFAoGABSKiiWX7ewRhRyY+jxbG\n1lM3FzCWRBccq/dKgBEoZ9dhf9sBMZyUdttV751gfkaZMM8duZVE2YM2ky7Oo
PlL\nVs1EI38/D8X9dQIAY1gl8e57J92H2IETU8ju81Qn83EOHf7WzFmpGbHaUoQw1Ocn\nc6BfREQ9QPRPDFAdKkbYRRMCgYEAl44k4xvNQUhb8blWwJUOlFt+1Z26cAI3mXp5\n+94fYH4W1Fq0uDJ9kZ7oItLyF5EPaLlY9E8+YuJBl0OSTtdicROUv/Yu4Nk3ievM\n4TE1qvavqVaw1NRM6qVao3+A7Rf57S/Lv6vldBAKR+OpviSVw5gew7OZ0RYS5caz\nhcEtXKECgYAJb7t67nococm0PsRe8Xv1SQOQjetrhzwzD1PLOSC9TrzwA22/ZktZ\neu/qfvYgOPT4LkDGVCzn8J+TAcUVnIvAnJRQTsBu55uiL8YC5jZQ8E1hBf7kskMq\nh16WD19Djv3WhfBNXBxvnagDDWw5DxmiiKzSf0k3QDDoX7wjDAV1dQ==\n-----END RSA PRIVATE KEY-----\n\" | sudo tee /var/lib/boot2docker/server-key.pem" + time="2015-04-17T21:43:47-04:00" level="debug" msg="executing: ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=30 -o LogLevel=quiet -p 50483 -i /Users/johnappleseed/.docker/machine/machines/dev2/id_rsa docker@localhost echo \"-----BEGIN CERTIFICATE-----\nMIIC+DCCAeKgAwIBAgIRANfIbsa2M94gDY+fBiBiQBkwCwYJKoZIhvcNAQELMBIx\nEDAOBg`; + expect(util.removeSensitiveData(testdata).indexOf('PRIVATE')).toEqual(-1); + expect(util.removeSensitiveData(testdata).indexOf('94fYH4W1Fq0uDJ9kZ7oItLyF5EPaLlY9E8+YuJBl0OSTtdicROUv')).toEqual(-1); + expect(util.removeSensitiveData(testdata).indexOf('')).toNotEqual(-1); + }); + + it('filters username data', function () { + var testdata = String.raw`-o UserKnownHostsFile=/dev/null -o ConnectionAttempts=30 -o LogLevel=quiet -p 50483 -i /Users/johnappleseed/.docker/machine/machines/dev2/id_rsa docker@localhost echo`; + expect(util.removeSensitiveData(testdata).indexOf('/Users/johnappleseed')).toEqual(-1); + expect(util.removeSensitiveData(testdata).indexOf('')).toNotEqual(-1); + }); + + it ('returns input if empty or not a string', function () { + expect(util.removeSensitiveData('')).toBe(''); + expect(util.removeSensitiveData(1)).toBe(1); + expect(util.removeSensitiveData(undefined)).toBe(undefined); + }); + }); +}); diff --git a/src/Util.js b/src/Util.js index a9ab1b2e0d..c2e38ed0f3 100644 --- a/src/Util.js +++ b/src/Util.js 
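Review bot: The last assertion in each of the first three tests, `expect(util.removeSensitiveData(testdata).indexOf('')).toNotEqual(-1);`, can never fail because `indexOf('')` is 0 for any string; it should check for a fragment that must survive filtering, for example `expect(util.removeSensitiveData(testdata).indexOf('ConnectionAttempts=30')).toNotEqual(-1);`. The fixtures are written with `String.raw`, so every `\n` inside the PEM blocks is a literal backslash and `n` rather than a line break, and the case of a key spread over real lines is not exercised; a fourth test with actual newlines would cover it. If the PEM blocks were captured from a real machine, that key pair should be treated as disclosed and the fixture replaced with generated throwaway data.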
@@ -8,9 +8,9 @@ module.exports = {
 options = options || {};
 return new Promise((resolve, reject) => {
 exec(args, options, (stderr, stdout, code) => {
+ console.log(stderr);
 if (code) {
- var cmd = Array.isArray(args) ? args.join(' ') : args;
- reject(new Error(cmd + ' returned non zero exit code\nstdout:' + stdout + '\nstderr:' + stderr));
+ reject(new Error(stderr));
 } else {
 resolve(stdout);
 }
@@ -31,6 +31,14 @@ module.exports = {
 });
 return acc;
 },
+ removeSensitiveData: function (str) {
+ if (!str || str.length === 0 || typeof str !== 'string' ) {
+ return str;
+ }
+ return str.replace(/-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----/mg, '')
+ .replace(/-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----/mg, '')
+ .replace(/\/Users\/.*\//mg, '');
+ },
 resourceDir: function () {
 return process.env.RESOURCES_PATH;
 },
diff --git a/src/WebUtil.js b/src/WebUtil.js
index dca2a9e67d..544ea1a7f9 100644
--- a/src/WebUtil.js
+++ b/src/WebUtil.js
@@ -35,10 +35,15 @@ var WebUtil = {
 };
 bugsnag.beforeNotify = function(payload) {
- var re = new RegExp(util.home().replace(/\s+/g, '\\s+'), 'g');
- payload.stacktrace = payload.stacktrace.replace(/%20/g, ' ').replace(re, '');
- payload.context = payload.context.replace(/%20/g, ' ').replace(re, '');
- payload.file = payload.file.replace(/%20/g, ' ').replace(re, '');
+ payload.stacktrace = util.removeSensitiveData(payload.stacktrace);
+ payload.context = util.removeSensitiveData(payload.context);
+ payload.file = util.removeSensitiveData(payload.file);
+
+ for(var key in payload.metaData) {
+ payload.metaData[key] = util.removeSensitiveData(payload.metaData[key]);
+ }
+
+ payload.message = '';
 payload.url = '';
 };
 }
diff --git a/styles/setup.less b/styles/setup.less
index 761fe6b4fb..ea89d8636c 100644
--- a/styles/setup.less
+++ b/styles/setup.less
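Review bot: In the first src/Util.js hunk, `console.log(stderr);` writes the raw stderr of every command to the console before any filtering, and `reject(new Error(stderr))` carries the same raw text in the error message; with `-D` now passed in src/DockerMachine.js that text contains PEM key material. The log line should be dropped or filtered, `console.log(module.exports.removeSensitiveData(stderr));`, so the only unfiltered copy is the one the caller receives. The rejection also no longer names the command or exit code, so a failure with empty stderr yields an Error with an empty message; `reject(new Error(stderr || 'command exited with code ' + code));` keeps it diagnosable. The enclosing `exec` wrapper starts and ends outside the hunk.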
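Review bot: In `removeSensitiveData` the two PEM patterns use `.*`, and `.` does not match a line break (the `m` flag only changes `^` and `$`), so a certificate or key that arrives with real newlines is left in place; the tests pass only because their fixtures hold escaped `\n`. The key pattern also covers only the `RSA PRIVATE KEY` label, and a block cut off before its `END` marker is not removed at all. Matching across lines and across key types closes the first two gaps: `.replace(/-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g, '')` and `.replace(/-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g, '')`. A short comment above the function stating that it is a best-effort filter for crash reports, not a guarantee, would keep callers from relying on it for logging secrets.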
@@ -59,7 +59,8 @@
 background-color: lighten(@brand-negative, 32%);
 padding: 10px;
 border-radius: 4px;
- -webkit-user-select: text;
+ max-height: 400px;
+ overflow: auto;
 }
 }
 }