adding log sanitization
madflojo committed Jul 4, 2024
1 parent 4b757b9 commit 98bba3e
Showing 3 changed files with 42 additions and 2 deletions.
5 changes: 3 additions & 2 deletions pkg/app/server.go
@@ -10,6 +10,7 @@ import (
"github.com/julienschmidt/httprouter"
"github.com/sirupsen/logrus"
"github.com/tarmac-project/tarmac/pkg/config"
"github.com/tarmac-project/tarmac/pkg/sanitize"
)

// isPProf is a regex that validates if the given path is used for PProf
@@ -50,7 +51,7 @@ func (srv *Server) middleware(n httprouter.Handle) httprouter.Handle {
"remote-addr": r.RemoteAddr,
"http-protocol": r.Proto,
"content-length": r.ContentLength,
}).Debugf("HTTP Request to %s received", r.URL.EscapedPath())
}).Debugf("HTTP Request to %s received", sanitize.String(r.URL.EscapedPath()))

// Verify if PProf
if isPProf.MatchString(r.URL.EscapedPath()) && !srv.cfg.GetBool("enable_pprof") {
@@ -76,7 +77,7 @@ func (srv *Server) middleware(n httprouter.Handle) httprouter.Handle {
"http-protocol": r.Proto,
"content-length": r.ContentLength,
"duration": time.Since(now).Milliseconds(),
}).Debugf("HTTP Request to %s complete", r.URL.EscapedPath())
}).Debugf("HTTP Request to %s complete", sanitize.String(r.URL.EscapedPath()))
}
}

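Review bot: In both `Debugf` calls in `middleware` the request path is still interpolated into the message string, so the integrity of these log lines rests entirely on `sanitize.String`, which in this commit removes only `\r` and `\n`. `r.URL.EscapedPath()` normally returns a percent-encoded path, so raw line breaks are presumably rare at this point, but any other control character that did reach it would pass through both layers unchanged. Consider carrying the path as a structured field next to the existing ones, e.g. `"path": r.URL.EscapedPath(),`, with a constant message such as `Debug("HTTP Request received")`, so the log formatter's escaping of field values applies (JSON output in particular) and entries are easier to query. The body of `middleware` starts and ends outside these hunks.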
13 changes: 13 additions & 0 deletions pkg/sanitize/sanitize.go
@@ -0,0 +1,13 @@
/*
Package sanitize provides functions to sanitize user input into a safe format.
*/
package sanitize

import (
"strings"
)

// String sanitizes a string by removing any non-alphanumeric characters.
func String(s string) string {
return strings.ReplaceAll(strings.ReplaceAll(s, "\r", ""), "\n", "")

Check warning on line 12 in pkg/sanitize/sanitize.go

Codecov / codecov/patch

pkg/sanitize/sanitize.go#L11-L12

Added lines #L11 - L12 were not covered by tests
}
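Review bot: The doc comment on `String` says it removes any non-alphanumeric characters, but the body strips only `\r` and `\n`, and the test file added in this same commit expects spaces, braces and quotes to pass through unchanged. A caller who trusts the comment, or the package description's "safe format", may log or reuse the result assuming more was removed than actually is; tabs, other control bytes such as ESC, and the Unicode line separators are all left in place. I would make the comment state the real contract, for example `// String removes carriage-return and line-feed characters from s so the value cannot start a new log line; all other characters are returned unchanged.`, and narrow the package comment to log-line sanitization. If these logs are also read in a terminal or split on other separators by a collector, dropping every rune for which `unicode.IsControl` reports true would be a broader guard, but that is a behaviour change to decide separately.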
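--- a/pkg/sanitize/sanitize_test.go
+++ b/pkg/sanitize/sanitize_test.go
@@ -0,0 +1,26 @@
+package sanitize
+
+import (
+"testing"
+)
+
+type TestCase struct {
+input string
+expected string
+}
+
+func TestSanitize(t *testing.T) {
+tt := []TestCase{
+{"hello\nworld", "helloworld"},
+{"hello\rworld", "helloworld"},
+{"hello\r\nworld", "helloworld"},
+{"hello world", "hello world"},
+{`{ "hello": "world" }`, `{ "hello": "world" }`},
+}
+
+for _, tc := range tt {
+if got := String(tc.input); got != tc.expected {
+t.Errorf("Sanitize(%s) = %s; want %s", tc.input, got, tc.expected)
+}
+}
+}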
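Review bot: The failure message in `TestSanitize` formats the input and the result with `%s`, so a failing case that contains `\r` or `\n` prints the raw control character and the message itself is split across lines; `%q` prints them escaped. The label also says `Sanitize` while the function under test is `String`, so the line would read `t.Errorf("String(%q) = %q; want %q", tc.input, got, tc.expected)`. Cases for the empty string and for an input with several consecutive line breaks would pin the edges of the current contract.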
