NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit72e60ca

Callum Styan

committed

be explicit about which fields we want to log as opposed to which we

want to denySigned-off-by: Callum Styan <callum@coder.com>

1 parent268daf9 commit72e60caCopy full SHA for 72e60ca

File tree

2 files changed

+46

-24

lines changed

coderd/httpmw/loggermw
- logger.go
- logger_internal_test.go

2 files changed

+46

-24

lines changed

`‎coderd/httpmw/loggermw/logger.go‎`

Lines changed: 32 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import (`
`5`	`5`	`"fmt"`
`6`	`6`	`"net/http"`
`7`	`7`	`"net/url"`
	`8`	`+"strconv"`
`8`	`9`	`"strings"`
`9`	`10`	`"sync"`
`10`	`11`	`"time"`
`@@ -17,7 +18,8 @@ import (`
`17`	`18`	`"github.com/coder/coder/v2/coderd/tracing"`
`18`	`19`	`)`
`19`	`20`
`20`		`-varsensitivePatterns= []string{"code","token","key","secret","password","auth","credential","api_key"}`
	`21`	`+varsafeParams= []string{"page","limit","offset"}`
	`22`	`+varcountParams= []string{"ids","template_ids"}`
`21`	`23`
`22`	`24`	`funcsafeQueryParams(params url.Values) []slog.Field {`
`23`	`25`	`iflen(params)==0 {`
`@@ -26,25 +28,42 @@ func safeQueryParams(params url.Values) []slog.Field {`
`26`	`28`
`27`	`29`	`fields:=make([]slog.Field,0,len(params))`
`28`	`30`	`forkey,values:=rangeparams {`
`29`		`-sensitive:=false`
`30`		`-`
`31`		`-// Check if this parameter should be redacted`
`32`		`-for_,pattern:=rangesensitivePatterns {`
`33`		`-ifstrings.Contains(strings.ToLower(key),pattern) {`
`34`		`-sensitive=true`
	`31`	`+// Check if this parameter should be included`
	`32`	`+for_,pattern:=rangesafeParams {`
	`33`	`+ifstrings.EqualFold(key,pattern) {`
	`34`	`+// Prepend query parameters in the log line to ensure we don't have issues with collisions`
	`35`	`+// in case any other internal logging fields already log fields with similar names`
	`36`	`+fieldName:="query_"+key`
	`37`	`+`
	`38`	`+// Log the actual values for non-sensitive parameters`
	`39`	`+iflen(values)==1 {`
	`40`	`+fields=append(fields,slog.F(fieldName,values[0]))`
	`41`	`+continue`
	`42`	`+}`
	`43`	`+fields=append(fields,slog.F(fieldName,values))`
`35`	`44`	`}`
`36`	`45`	`}`
`37`		`-if!sensitive {`
	`46`	`+// Some query params we just want to log the count of the params length`
	`47`	`+for_,pattern:=rangecountParams {`
	`48`	`+if!strings.EqualFold(key,pattern) {`
	`49`	`+continue`
	`50`	`+}`
	`51`	`+count:=0`
	`52`	`+`
`38`	`53`	`// Prepend query parameters in the log line to ensure we don't have issues with collisions`
`39`	`54`	`// in case any other internal logging fields already log fields with similar names`
`40`	`55`	`fieldName:="query_"+key`
`41`	`56`
`42`		`-// Log the actual values for non-sensitive parameters`
`43`		`-iflen(values)==1 {`
`44`		`-fields=append(fields,slog.F(fieldName,values[0]))`
`45`		`-continue`
	`57`	`+// Count comma-separated values for CSV format`
	`58`	`+for_,v:=rangevalues {`
	`59`	`+ifstrings.Contains(v,",") {`
	`60`	`+count+=len(strings.Split(v,","))`
	`61`	`+continue`
	`62`	`+}`
	`63`	`+count++`
`46`	`64`	`}`
`47`		`-fields=append(fields,slog.F(fieldName,values))`
	`65`	`+// For logging we always want strings`
	`66`	`+fields=append(fields,slog.F(fieldName+"_count",strconv.Itoa(count)))`
`48`	`67`	`}`
`49`	`68`	`}`
`50`	`69`	`returnfields`

`‎coderd/httpmw/loggermw/logger_internal_test.go‎`

Lines changed: 14 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -304,20 +304,24 @@ func TestSafeQueryParams(t *testing.T) {`
`304`	`304`	`{`
`305`	`305`	`name:"safe parameters",`
`306`	`306`	`params: url.Values{`
`307`		`-"page": []string{"1"},`
`308`		`-"limit": []string{"10"},`
`309`		`-"filter": []string{"active"},`
`310`		`-"sort": []string{"name"},`
	`307`	`+"page": []string{"1"},`
	`308`	`+"limit": []string{"10"},`
	`309`	`+"filter": []string{"active"},`
	`310`	`+"sort": []string{"name"},`
	`311`	`+"offset": []string{"2"},`
	`312`	`+"ids": []string{"some-id,another-id","second-param"},`
	`313`	`+"template_ids": []string{"some-id,another-id","second-param"},`
`311`	`314`	`},`
`312`	`315`	`expected:map[string]interface{}{`
`313`		`-"query_page":"1",`
`314`		`-"query_limit":"10",`
`315`		`-"query_filter":"active",`
`316`		`-"query_sort":"name",`
	`316`	`+"query_page":"1",`
	`317`	`+"query_limit":"10",`
	`318`	`+"query_offset":"2",`
	`319`	`+"query_ids_count":"3",`
	`320`	`+"query_template_ids_count":"3",`
`317`	`321`	`},`
`318`	`322`	`},`
`319`	`323`	`{`
`320`		`-name:"sensitive parameters",`
	`324`	`+name:"unknown/sensitive parameters",`
`321`	`325`	`params: url.Values{`
`322`	`326`	`"token": []string{"secret-token"},`
`323`	`327`	`"api_key": []string{"secret-key"},`
`@@ -336,8 +340,7 @@ func TestSafeQueryParams(t *testing.T) {`
`336`	`340`	`"filter": []string{"active"},`
`337`	`341`	`},`
`338`	`342`	`expected:map[string]interface{}{`
`339`		`-"query_page":"1",`
`340`		`-"query_filter":"active",`
	`343`	`+"query_page":"1",`
`341`	`344`	`},`
`342`	`345`	`},`
`343`	`346`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit72e60ca

File tree

2 files changed

2 files changed

`‎coderd/httpmw/loggermw/logger.go‎`

`‎coderd/httpmw/loggermw/logger_internal_test.go‎`

0 commit comments