Redact password when logging args
This commit is contained in:
Tim Hockin
parent
c62f6cb833
commit
9529c24f6d
|
|
@ -430,7 +430,7 @@ func main() {
|
|||
"uid", os.Getuid(),
|
||||
"gid", os.Getgid(),
|
||||
"home", os.Getenv("HOME"),
|
||||
"args", os.Args)
|
||||
"args", logSafeArgs(os.Args))
|
||||
|
||||
if _, err := exec.LookPath(*flGitCmd); err != nil {
|
||||
log.Error(err, "ERROR: git executable not found", "git", *flGitCmd)
|
||||
|
|
@ -717,6 +717,30 @@ func main() {
|
|||
}
|
||||
}
|
||||
|
||||
// logSafeArgs makes sure any sensitive args (e.g. passwords) are redacted
|
||||
// before logging.
|
||||
func logSafeArgs(args []string) []string {
|
||||
const redacted = "<REDACTED>"
|
||||
|
||||
ret := make([]string, len(args))
|
||||
redact := false
|
||||
for i, arg := range args {
|
||||
if redact {
|
||||
ret[i] = redacted
|
||||
redact = false
|
||||
continue
|
||||
}
|
||||
if arg == "--password" {
|
||||
redact = true
|
||||
}
|
||||
if strings.HasPrefix(arg, "--password=") {
|
||||
arg = "--password=" + redacted
|
||||
}
|
||||
ret[i] = arg
|
||||
}
|
||||
return ret
|
||||
}
|
||||
|
||||
func normalizePath(path string) (string, error) {
|
||||
delinked, err := filepath.EvalSymlinks(path)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in New Issue