mirror of https://github.com/minio/minio.git
parent
fdc2f69218
commit
878bc6c72b
|
@ -23,6 +23,7 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"regexp"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -80,6 +81,17 @@ func (r *recordRequest) Data() []byte {
|
|||
return logger.BodyPlaceHolder
|
||||
}
|
||||
|
||||
var ldapPwdRegex = regexp.MustCompile("(^.*?)LDAPPassword=([^&]*?)(&(.*?))?$")
|
||||
|
||||
// redact LDAP password if part of string
|
||||
func redactLDAPPwd(s string) string {
|
||||
parts := ldapPwdRegex.FindStringSubmatch(s)
|
||||
if len(parts) > 0 {
|
||||
return parts[1] + "LDAPPassword=*REDACTED*" + parts[3]
|
||||
}
|
||||
return s
|
||||
}
|
||||
|
||||
// getOpName sanitizes the operation name for mc
|
||||
func getOpName(name string) (op string) {
|
||||
op = strings.TrimPrefix(name, "github.com/minio/minio/cmd.")
|
||||
|
@ -129,7 +141,7 @@ func WebTrace(ri *jsonrpc.RequestInfo) trace.Info {
|
|||
Proto: r.Proto,
|
||||
Method: r.Method,
|
||||
Path: SlashSeparator + pathJoin(vars["bucket"], vars["object"]),
|
||||
RawQuery: r.URL.RawQuery,
|
||||
RawQuery: redactLDAPPwd(r.URL.RawQuery),
|
||||
Client: handlers.GetSourceIP(r),
|
||||
Headers: reqHeaders,
|
||||
}
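Review bot: `redactLDAPPwd` rewrites only the first `LDAPPassword=` it finds, because `parts[3]` is appended verbatim; a query string that repeats the parameter keeps the later value in the trace output. A global replacement avoids this: `var ldapPwdRegex = regexp.MustCompile("LDAPPassword=[^&]*")` with `return ldapPwdRegex.ReplaceAllString(s, "LDAPPassword=*REDACTED*")`. The match also runs on the raw, still-encoded string, so a percent-encoded spelling of the parameter name would presumably be decoded by the form parser yet pass through unredacted here; comparing the decoded name of each `&`-separated pair would close that gap. Only the `RawQuery:` assignment is visible as a call site in this section, so whether the same value reaches traces or logs by another path (request body, audit entries) cannot be confirmed from these hunks.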
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
/*
|
||||
* MinIO Cloud Storage, (C) 2021 MinIO, Inc.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package cmd
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
// Test redactLDAPPwd()
|
||||
func TestRedactLDAPPwd(t *testing.T) {
|
||||
testCases := []struct {
|
||||
query string
|
||||
expectedQuery string
|
||||
}{
|
||||
{"", ""},
|
||||
{"?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=myusername&LDAPPassword=can+youreadthis%3F&Version=2011-06-15",
|
||||
"?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=myusername&LDAPPassword=*REDACTED*&Version=2011-06-15",
|
||||
},
|
||||
{"LDAPPassword=can+youreadthis%3F&Version=2011-06-15&?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=myusername",
|
||||
"LDAPPassword=*REDACTED*&Version=2011-06-15&?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=myusername",
|
||||
},
|
||||
{"?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=myusername&Version=2011-06-15&LDAPPassword=can+youreadthis%3F",
|
||||
"?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=myusername&Version=2011-06-15&LDAPPassword=*REDACTED*",
|
||||
},
|
||||
{
|
||||
"?x=y&a=b",
|
||||
"?x=y&a=b",
|
||||
},
|
||||
}
|
||||
for i, test := range testCases {
|
||||
gotQuery := redactLDAPPwd(test.query)
|
||||
if gotQuery != test.expectedQuery {
|
||||
t.Fatalf("test %d: expected %s got %s", i+1, test.expectedQuery, gotQuery)
|
||||
}
|
||||
}
|
||||
}
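Review bot: The table in `TestRedactLDAPPwd` only exercises a single, literally spelled `LDAPPassword` parameter, so it does not pin the cases where a redaction helper is most likely to miss. Consider adding an empty value (`LDAPPassword=`) and a repeated parameter, for example the constructed case `{"LDAPPassword=a&LDAPPassword=b", "LDAPPassword=*REDACTED*&LDAPPassword=*REDACTED*"},`, which states that no occurrence may survive. The loop also stops at the first mismatch; `t.Errorf("test %d: expected %q got %q", i+1, test.expectedQuery, gotQuery)` would report every failing row and make empty strings visible in the output.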
|