From f46dae659fe2eb9f2452b25451b33cc9cb677647 Mon Sep 17 00:00:00 2001
From: Tim Hockin
Date: Sun, 14 Aug 2022 16:32:35 -0700
Subject: [PATCH] Better passwd redacting - including URLs

---
 cmd/git-sync/main.go | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/cmd/git-sync/main.go b/cmd/git-sync/main.go
index 0ee35bc..4435579 100644
--- a/cmd/git-sync/main.go
+++ b/cmd/git-sync/main.go
@@ -27,6 +27,7 @@ import (
 	"net"
 	"net/http"
 	"net/http/pprof"
+	"net/url"
 	"os"
 	"os/exec"
 	"os/signal"
@@ -718,25 +719,50 @@ func main() {
 	}
 }
 
-const redactedString = ""
+const redactedString = "REDACTED"
+
+func redactURL(urlstr string) string {
+	u, err := url.Parse(urlstr)
+	if err != nil {
+		return err.Error()
+	}
+	if u.User != nil {
+		u.User = url.UserPassword(u.User.Username(), redactedString)
+	}
+	return u.String()
+}
 
 // logSafeArgs makes sure any sensitive args (e.g. passwords) are redacted
 // before logging.
 func logSafeArgs(args []string) []string {
 	ret := make([]string, len(args))
-	redact := false
+	redactWholeArg := false
+	readactURLArg := false
 	for i, arg := range args {
-		if redact {
+		if redactWholeArg {
 			ret[i] = redactedString
-			redact = false
+			redactWholeArg = false
 			continue
 		}
+		if readactURLArg {
+			ret[i] = redactURL(arg)
+			readactURLArg = false
+			continue
+		}
+		// Handle --password
 		if arg == "--password" {
-			redact = true
+			redactWholeArg = true
 		}
 		if strings.HasPrefix(arg, "--password=") {
 			arg = "--password=" + redactedString
 		}
+		// Handle password embedded in --repo
+		if arg == "--repo" {
+			readactURLArg = true
+		}
+		if strings.HasPrefix(arg, "--repo=") {
+			arg = "--repo=" + redactURL(arg[7:])
+		}
 		ret[i] = arg
 	}
 	return ret
@@ -750,6 +776,9 @@ func logSafeEnv(env []string) []string {
 		if strings.HasPrefix(ev, "GIT_SYNC_PASSWORD=") {
 			ev = "GIT_SYNC_PASSWORD=" + redactedString
 		}
+		if strings.HasPrefix(ev, "GIT_SYNC_REPO=") {
+			ev = "GIT_SYNC_REPO=" + redactURL(ev[14:])
+		}
 		ret[i] = ev
 	}
 	return ret
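Review bot: The error branch of redactURL leaks the very secret it is meant to hide: url.Parse wraps failures in a *url.Error whose Error() text embeds the raw input in quotes, so a --repo value that fails to parse (for example a bad percent-escape inside the password) is written to the log verbatim by `return err.Error()`. Redact unconditionally on failure instead, e.g. `return redactedString` (or a fixed literal such as "unparseable URL, redacted"), and add a test with a malformed URL carrying userinfo so the path stays covered. Note also that only the password component is masked; a credential supplied as the username (a form some hosts accept for tokens) still reaches the log unchanged, so masking the whole userinfo with `u.User = url.User(redactedString)` would be the more conservative choice. Minor: `readactURLArg` is misspelled, and `arg[7:]` would be clearer and safer as `strings.TrimPrefix(arg, "--repo=")`.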
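Review bot: `ev[14:]` hard-codes the prefix length and will silently mis-slice if the variable name ever changes; `strings.TrimPrefix(ev, "GIT_SYNC_REPO=")` (strings is already in use here for HasPrefix) states the intent and cannot drift. Because this branch delegates to redactURL, a GIT_SYNC_REPO value that url.Parse rejects is currently rendered as the parse-error text, which includes the raw URL and therefore any embedded password — worth a test case with a malformed URL once redactURL's error path returns a fixed redacted marker. The signature and loop header of logSafeEnv lie above this hunk.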