From 98bba3ebff9cade117a8a776a17b9c7fb83aaec8 Mon Sep 17 00:00:00 2001
From: Benjamin Cane
Date: Thu, 4 Jul 2024 16:08:57 -0700
Subject: [PATCH 1/2] adding log sanitization

---
 pkg/app/server.go | 5 +++--
 pkg/sanitize/sanitize.go | 13 +++++++++++++
 pkg/sanitize/sanitize_test.go | 26 ++++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 pkg/sanitize/sanitize.go
 create mode 100644 pkg/sanitize/sanitize_test.go

diff --git a/pkg/app/server.go b/pkg/app/server.go
index ecf3baa..c662582 100644
--- a/pkg/app/server.go
+++ b/pkg/app/server.go
@@ -10,6 +10,7 @@ import (
 "github.com/julienschmidt/httprouter"
 "github.com/sirupsen/logrus"
 "github.com/tarmac-project/tarmac/pkg/config"
+ "github.com/tarmac-project/tarmac/pkg/sanitize"
 )
 
 // isPProf is a regex that validates if the given path is used for PProf
@@ -50,7 +51,7 @@ func (srv *Server) middleware(n httprouter.Handle) httprouter.Handle {
 "remote-addr": r.RemoteAddr,
 "http-protocol": r.Proto,
 "content-length": r.ContentLength,
- }).Debugf("HTTP Request to %s received", r.URL.EscapedPath())
+ }).Debugf("HTTP Request to %s received", sanitize.String(r.URL.EscapedPath()))
 
 // Verify if PProf
 if isPProf.MatchString(r.URL.EscapedPath()) && !srv.cfg.GetBool("enable_pprof") {
@@ -76,7 +77,7 @@ func (srv *Server) middleware(n httprouter.Handle) httprouter.Handle {
 "http-protocol": r.Proto,
 "content-length": r.ContentLength,
 "duration": time.Since(now).Milliseconds(),
- }).Debugf("HTTP Request to %s complete", r.URL.EscapedPath())
+ }).Debugf("HTTP Request to %s complete", sanitize.String(r.URL.EscapedPath()))
 }
 }
 
diff --git a/pkg/sanitize/sanitize.go b/pkg/sanitize/sanitize.go
new file mode 100644
index 0000000..61acacf
--- /dev/null
+++ b/pkg/sanitize/sanitize.go
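Review bot: The sanitizer wrapped around the `Debugf` argument in the `@@ -50,7 +51,7 @@` hunk (and again in `@@ -76,7 +77,7 @@`) strips only CR and LF, so any other control character in the logged value, including ESC, would still be written verbatim to the log. As far as I can tell, net/url already percent-encodes control bytes in `EscapedPath()`, so for this particular argument the call is defense in depth rather than a fix, but the same helper would be insufficient if it is later reused on header values such as User-Agent. Logging the path with the `%q` verb makes fmt escape every control character without a helper: `}).Debugf("HTTP Request to %q received", r.URL.EscapedPath())`. The enclosing `middleware` closure starts before both hunks.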
@@ -0,0 +1,13 @@
+/*
+Package sanitize provides functions to sanitize user input into a safe format.
+*/
+package sanitize
+
+import (
+ "strings"
+)
+
+// String sanitizes a string by removing any non-alphanumeric characters.
+func String(s string) string {
+ return strings.ReplaceAll(strings.ReplaceAll(s, "\r", ""), "\n", "")
+}
diff --git a/pkg/sanitize/sanitize_test.go b/pkg/sanitize/sanitize_test.go
new file mode 100644
index 0000000..72d479d
--- /dev/null
+++ b/pkg/sanitize/sanitize_test.go
@@ -0,0 +1,26 @@
+package sanitize
+
+import (
+ "testing"
+)
+
+type TestCase struct {
+ input string
+ expected string
+}
+
+func TestSanitize(t *testing.T) {
+ tt := []TestCase{
+ {"hello\nworld", "helloworld"},
+ {"hello\rworld", "helloworld"},
+ {"hello\r\nworld", "helloworld"},
+ {"hello world", "hello world"},
+ {`{ "hello": "world" }`, `{ "hello": "world" }`},
+ }
+
+ for _, tc := range tt {
+ if got := String(tc.input); got != tc.expected {
+ t.Errorf("Sanitize(%s) = %s; want %s", tc.input, got, tc.expected)
+ }
+ }
+}

From 724496b41d714fbae41bfb6ed727ef351c58da2d Mon Sep 17 00:00:00 2001
From: Benjamin Cane
Date: Thu, 4 Jul 2024 16:17:38 -0700
Subject: [PATCH 2/2] Update pkg/sanitize/sanitize.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
 pkg/sanitize/sanitize.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/sanitize/sanitize.go b/pkg/sanitize/sanitize.go
index 61acacf..70ab3cd 100644
--- a/pkg/sanitize/sanitize.go
+++ b/pkg/sanitize/sanitize.go
@@ -7,7 +7,7 @@ import (
 "strings"
 )
 
-// String sanitizes a string by removing any non-alphanumeric characters.
+// String sanitizes a string by removing newline characters.
 func String(s string) string {
 return strings.ReplaceAll(strings.ReplaceAll(s, "\r", ""), "\n", "")
 }
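Review bot: `String` in the new `pkg/sanitize/sanitize.go` removes only `\r` and `\n`, while the package comment promises a "safe format" for user input; every other control character (NUL, backspace, ESC, DEL, the C1 range) passes through unchanged, so a log line can still be corrupted or carry a terminal escape sequence. If this function is meant to be the project's log-injection guard, dropping every control rune in a single `strings.Map` pass is both safer and cheaper than the two chained `ReplaceAll` calls, each of which may allocate; it needs `unicode` added to the import block, and the cases in the new `sanitize_test.go` still hold. Unicode line and paragraph separators (U+2028, U+2029) are not covered by `unicode.IsControl`; whether they matter depends on the log sink, so I have not folded them in.
```go
// String removes every control character (including CR and LF) from s so
// that the result can be written to a single log line without starting a
// new entry or carrying a terminal escape sequence.
func String(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.IsControl(r) {
			return -1 // strings.Map drops runes mapped to -1
		}
		return r
	}, s)
}
```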
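Review bot: The failure message in `TestSanitize` formats the input and output with `%s`, so a failing case prints raw CR/LF into the test output, which is the very thing the function is guarding against, and the message names `Sanitize` while the function under test is `String`. `t.Errorf("String(%q) = %q; want %q", tc.input, got, tc.expected)` shows the control characters escaped and names the right function. The table has no case for a control character other than CR/LF, such as `"\x1b"`, so it does not document whether passing those through is intended. The `TestCase` type does not need to be exported from a `_test.go` file; `testCase` would do.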
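Review bot: The replacement comment `+// String sanitizes a string by removing newline characters.` in the `@@ -7,7 +7,7 @@` hunk of PATCH 2/2 now matches the body, but `\r` is a carriage return rather than a newline, and the package comment earlier in the file (not shown in this hunk) still describes the result as a "safe format" for user input, which this function does not deliver on its own. I would make the comment state the limit explicitly: `// String removes carriage-return and line-feed characters from s so that it can be written on a single log line; other control characters are left untouched.`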