Fix secret values exposed in logs issue

andyzhangx · andyzhangx · commit cda78e7a95c8 · 2019-05-14T13:23:32.000Z
diff --git a/pkg/csi-common/utils.go b/pkg/csi-common/utils.go
@@ -18,6 +18,7 @@ package csicommon
 
 import (
 	"fmt"
+	"regexp"
 	"strings"
 
 	"github.com/container-storage-interface/spec/lib/go/csi"
@@ -102,9 +103,15 @@ func RunControllerandNodePublishServer(endpoint string, d *CSIDriver, cs csi.Con
 	s.Wait()
 }
 
+// regex to mask secrets in log messages
+var reqSecretsRegex, _ = regexp.Compile("secrets\\s*:\\s*<key:\"(.*?)\"\\s*value:\".*?\"")
+
 func logGRPC(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+
+	s := fmt.Sprintf("GRPC request: %+v", req)
 	klog.V(3).Infof("GRPC call: %s", info.FullMethod)
-	klog.V(5).Infof("GRPC request: %+v", req)
+	klog.V(5).Info(reqSecretsRegex.ReplaceAllString(s, "secrets:<key:\"$1\" value:\"****\""))
+
 	resp, err := handler(ctx, req)
 	if err != nil {
 		klog.Errorf("GRPC error: %v", err)
diff --git a/pkg/csi-common/utils_test.go b/pkg/csi-common/utils_test.go
@@ -17,6 +17,12 @@ limitations under the License.
 package csicommon
 
 import (
+	"bytes"
+	"context"
+	"flag"
+	"github.com/container-storage-interface/spec/lib/go/csi"
+	"google.golang.org/grpc"
+	"k8s.io/klog"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -74,3 +80,68 @@ func TestParseEndpoint(t *testing.T) {
 	_, _, err = ParseEndpoint("")
 	assert.NotNil(t, err)
 }
+
+func TestLogGRPC(t *testing.T) {
+	// SET UP
+	klog.InitFlags(nil)
+	if e := flag.Set("logtostderr", "false"); e != nil {
+		t.Error(e)
+	}
+	if e := flag.Set("alsologtostderr", "false"); e != nil {
+		t.Error(e)
+	}
+	if e := flag.Set("v", "100"); e != nil {
+		t.Error(e)
+	}
+	flag.Parse()
+
+	buf := new(bytes.Buffer)
+	klog.SetOutput(buf)
+
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) { return nil, nil }
+	info := grpc.UnaryServerInfo{
+		FullMethod: "fake",
+	}
+
+	tests := []struct {
+		name   string
+		req    interface{}
+		expStr string
+	}{
+		{
+			"with secrets",
+			&csi.NodeStageVolumeRequest{
+				VolumeId: "vol_1",
+				Secrets: map[string]string{
+					"account_name": "k8s",
+					"account_key":  "testkey",
+				},
+				XXX_sizecache: 100,
+			},
+			`GRPC request: volume_id:"vol_1" secrets:<key:"account_key" value:"****" > secrets:<key:"account_name" value:"****" >`,
+		},
+		{
+			"without secrets",
+			&csi.ListSnapshotsRequest{
+				StartingToken: "testtoken",
+			},
+			`GRPC request: starting_token:"testtoken"`,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			// EXECUTE
+			_, _ = logGRPC(context.Background(), test.req, &info, handler)
+			klog.Flush()
+
+			// ASSERT
+			assert.Contains(t, buf.String(), "GRPC call: fake")
+			assert.Contains(t, buf.String(), test.expStr)
+			assert.Contains(t, buf.String(), "GRPC response: <nil>")
+
+			// CLEANUP
+			buf.Reset()
+		})
+	}
+}
