Commit 70114c2

author
Dalton
committed
AUTH-2977 log file protection
1 parent 5499c77 commit 70114c2

2 files changed

+58
-1
lines changed

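--- a/logger/create.go
+++ b/logger/create.go
@@ -3,6 +3,7 @@ package logger
 import (
 "fmt"
 "os"
+"path/filepath"
 "strings"
 "time"
 
@@ -106,7 +107,7 @@ func New(opts ...Option) (Service, error) {
 
 l := NewOutputWriter(SharedWriteManager)
 if config.logFileDirectory != "" {
-l.Add(NewFileRollingWriter(config.logFileDirectory,
+l.Add(NewFileRollingWriter(SanitizeLogPath(config.logFileDirectory),
 "cloudflared",
 int64(config.maxFileSize),
 config.maxFileCount),
@@ -139,3 +140,13 @@ func ParseLevelString(lvl string) ([]Level, error) {
 }
 return []Level{}, fmt.Errorf("not a valid log level: %q", lvl)
 }
+
+// SanitizeLogPath checks that the logger log path
+func SanitizeLogPath(path string) string {
+newPath := strings.TrimSpace(path)
+// make sure it has a log file extension and is not a directory
+if filepath.Ext(newPath) != ".log" && !(isDirectory(newPath) || strings.HasSuffix(newPath, "/")) {
+newPath = newPath + ".log"
+}
+return newPath
+}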
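Review bot: SanitizeLogPath maps a whitespace-only value to `.log`, because New tests `config.logFileDirectory != ""` before the trim and the emptied string has neither a `.log` extension nor a trailing slash; trimming before that check in New, or returning early with `if newPath == "" { return newPath }`, avoids a stray hidden file in the working directory (what NewFileRollingWriter does with an empty path is not visible here). The directory test also hard-codes `"/"`, so a path ending in `\` is only recognised if `isDirectory`, which is defined outside this section, reports true for it; `os.IsPathSeparator(newPath[len(newPath)-1])` on a non-empty path would cover both separators. The doc comment is an unfinished sentence; `// SanitizeLogPath trims whitespace from path and appends ".log" unless path already ends in ".log" or names a directory.` states what the code does. The function only forces the extension and does not clean or confine the path (`..` segments pass through unchanged), so the comment should say that rather than leave readers to assume fuller sanitisation from the name.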

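--- a/logger/create_test.go
+++ b/logger/create_test.go
@@ -0,0 +1,46 @@
+package logger
+
+import (
+"testing"
+
+"github.com/stretchr/testify/assert"
+)
+
+func TestLogLevelParse(t *testing.T) {
+lvls, err := ParseLevelString("fatal")
+assert.NoError(t, err)
+assert.Equal(t, []Level{FatalLevel}, lvls)
+
+lvls, err = ParseLevelString("error")
+assert.NoError(t, err)
+assert.Equal(t, []Level{FatalLevel, ErrorLevel}, lvls)
+
+lvls, err = ParseLevelString("info")
+assert.NoError(t, err)
+assert.Equal(t, []Level{FatalLevel, ErrorLevel, InfoLevel}, lvls)
+
+lvls, err = ParseLevelString("info")
+assert.NoError(t, err)
+assert.Equal(t, []Level{FatalLevel, ErrorLevel, InfoLevel}, lvls)
+
+lvls, err = ParseLevelString("warn")
+assert.NoError(t, err)
+assert.Equal(t, []Level{FatalLevel, ErrorLevel, InfoLevel}, lvls)
+
+lvls, err = ParseLevelString("debug")
+assert.NoError(t, err)
+assert.Equal(t, []Level{FatalLevel, ErrorLevel, InfoLevel, DebugLevel}, lvls)
+
+_, err = ParseLevelString("blah")
+assert.Error(t, err)
+
+_, err = ParseLevelString("")
+assert.Error(t, err)
+}
+
+func TestPathSanitizer(t *testing.T) {
+assert.Equal(t, "somebad/path/log.bat.log", SanitizeLogPath("\t somebad/path/log.bat\n\n"))
+assert.Equal(t, "proper/path/cloudflared.log", SanitizeLogPath("proper/path/cloudflared.log"))
+assert.Equal(t, "proper/path/", SanitizeLogPath("proper/path/"))
+assert.Equal(t, "proper/path/cloudflared.log", SanitizeLogPath("\tproper/path/cloudflared\n\n"))
+}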
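Review bot: TestPathSanitizer never reaches the `isDirectory` branch, since the only directory-like input ends in `/` and is accepted by the suffix check; an existing directory without a trailing slash, e.g. `dir := t.TempDir(); assert.Equal(t, dir, SanitizeLogPath(dir))`, would cover it. Empty and whitespace-only inputs are also untested, and those are the cases where the trimmed path becomes just `.log`. In TestLogLevelParse the `"info"` case appears twice with identical assertions, so one copy can be dropped.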
