Browse code
DebugRequestMiddleware: Remove path handling
Path-specific rules were removed, so this is no longer used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 530e63c1a61b105a6f7fc143c5acb9b5cd87f958)
Signed-off-by: Tibor Vass <tibor@docker.com>
Sebastiaan van Stijn authored on 2019/07/03 23:16:22Showing 2 changed files
| ... | ... |
@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri |
| 41 | 41 |
|
| 42 | 42 |
var postForm map[string]interface{}
|
| 43 | 43 |
if err := json.Unmarshal(b, &postForm); err == nil {
|
| 44 |
- maskSecretKeys(postForm, r.RequestURI) |
|
| 44 |
+ maskSecretKeys(postForm) |
|
| 45 | 45 |
formStr, errMarshal := json.Marshal(postForm) |
| 46 | 46 |
if errMarshal == nil {
|
| 47 | 47 |
logrus.Debugf("form data: %s", string(formStr))
|
| ... | ... |
@@ -54,18 +54,10 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri |
| 54 | 54 |
} |
| 55 | 55 |
} |
| 56 | 56 |
|
| 57 |
-func maskSecretKeys(inp interface{}, path string) {
|
|
| 58 |
- // Remove any query string from the path |
|
| 59 |
- idx := strings.Index(path, "?") |
|
| 60 |
- if idx != -1 {
|
|
| 61 |
- path = path[:idx] |
|
| 62 |
- } |
|
| 63 |
- // Remove trailing / characters |
|
| 64 |
- path = strings.TrimRight(path, "/") |
|
| 65 |
- |
|
| 57 |
+func maskSecretKeys(inp interface{}) {
|
|
| 66 | 58 |
if arr, ok := inp.([]interface{}); ok {
|
| 67 | 59 |
for _, f := range arr {
|
| 68 |
- maskSecretKeys(f, path) |
|
| 60 |
+ maskSecretKeys(f) |
|
| 69 | 61 |
} |
| 70 | 62 |
return |
| 71 | 63 |
} |
| ... | ... |
@@ -92,7 +84,7 @@ func maskSecretKeys(inp interface{}, path string) {
|
| 92 | 92 |
continue loop0 |
| 93 | 93 |
} |
| 94 | 94 |
} |
| 95 |
- maskSecretKeys(v, path) |
|
| 95 |
+ maskSecretKeys(v) |
|
| 96 | 96 |
} |
| 97 | 97 |
} |
| 98 | 98 |
} |
| ... | ... |
@@ -10,49 +10,16 @@ import ( |
| 10 | 10 |
func TestMaskSecretKeys(t *testing.T) {
|
| 11 | 11 |
tests := []struct {
|
| 12 | 12 |
doc string |
| 13 |
- path string |
|
| 14 | 13 |
input map[string]interface{}
|
| 15 | 14 |
expected map[string]interface{}
|
| 16 | 15 |
}{
|
| 17 | 16 |
{
|
| 18 |
- doc: "secret create with API version", |
|
| 19 |
- path: "/v1.30/secrets/create", |
|
| 17 |
+ doc: "secret/config create and update requests", |
|
| 20 | 18 |
input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
|
| 21 | 19 |
expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
|
| 22 | 20 |
}, |
| 23 | 21 |
{
|
| 24 |
- doc: "secret create with API version and trailing slashes", |
|
| 25 |
- path: "/v1.30/secrets/create//", |
|
| 26 |
- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 27 |
- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 28 |
- }, |
|
| 29 |
- {
|
|
| 30 |
- doc: "secret create with query param", |
|
| 31 |
- path: "/secrets/create?key=val", |
|
| 32 |
- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 33 |
- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 34 |
- }, |
|
| 35 |
- {
|
|
| 36 |
- doc: "secret update with API version", |
|
| 37 |
- path: "/v1.30/secrets/mysecret/update", |
|
| 38 |
- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 39 |
- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 40 |
- }, |
|
| 41 |
- {
|
|
| 42 |
- doc: "secret update with API version and trailing slashes", |
|
| 43 |
- path: "/v1.30/secrets/mysecret/update//", |
|
| 44 |
- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 45 |
- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 46 |
- }, |
|
| 47 |
- {
|
|
| 48 |
- doc: "secret update with query parameter", |
|
| 49 |
- path: "/secrets/mysecret/update?version=34", |
|
| 50 |
- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 51 |
- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
|
|
| 52 |
- }, |
|
| 53 |
- {
|
|
| 54 |
- doc: "other paths with API version", |
|
| 55 |
- path: "/v1.30/some/other/path", |
|
| 22 |
+ doc: "masking other fields (recursively)", |
|
| 56 | 23 |
input: map[string]interface{}{
|
| 57 | 24 |
"password": "pass", |
| 58 | 25 |
"secret": "secret", |
| ... | ... |
@@ -83,8 +50,7 @@ func TestMaskSecretKeys(t *testing.T) {
|
| 83 | 83 |
}, |
| 84 | 84 |
}, |
| 85 | 85 |
{
|
| 86 |
- doc: "other paths with API version case insensitive", |
|
| 87 |
- path: "/v1.30/some/other/path", |
|
| 86 |
+ doc: "case insensitive field matching", |
|
| 88 | 87 |
input: map[string]interface{}{
|
| 89 | 88 |
"PASSWORD": "pass", |
| 90 | 89 |
"other": map[string]interface{}{
|
| ... | ... |
@@ -102,7 +68,7 @@ func TestMaskSecretKeys(t *testing.T) {
|
| 102 | 102 |
|
| 103 | 103 |
for _, testcase := range tests {
|
| 104 | 104 |
t.Run(testcase.doc, func(t *testing.T) {
|
| 105 |
- maskSecretKeys(testcase.input, testcase.path) |
|
| 105 |
+ maskSecretKeys(testcase.input) |
|
| 106 | 106 |
assert.Check(t, is.DeepEqual(testcase.expected, testcase.input)) |
| 107 | 107 |
}) |
| 108 | 108 |
} |