Escape user input for logs

nielsAD · nielsAD · commit 86b51f3cd8b3 · 2022-01-24T20:38:40.000+01:00
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,4 @@
+test=auto
+
+# gofmt enforces LF line endings
+*.go text eol=lf
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -26,7 +26,10 @@ jobs:
           go-version: ${{ matrix.go }}
 
       - name: Vet
-        run: go vet
+        run: go vet ./...
+
+      - name: Test
+        run: go test ./...
 
       - name: Build
         run: go build
diff --git a/fs.go b/fs.go
@@ -8,7 +8,6 @@ import (
 	"context"
 	"database/sql"
 	"encoding/json"
-	"net"
 	"net/http"
 	"net/url"
 	"os"
@@ -255,9 +254,9 @@ func (fs *CachedFS) DBReady() bool {
 }
 
 var (
-	escGlob  = regexp.MustCompile("[][*?]")
+	escGlob  = regexp.MustCompile(`[][*?]`)
 	escLike  = regexp.MustCompile("[%_`]")
-	escSpace = regexp.MustCompile("\\s+")
+	escSpace = regexp.MustCompile(`\s+`)
 )
 
 func escapeGlob(s string) string {
@@ -377,9 +376,7 @@ func (fs *CachedFS) serveCache(w http.ResponseWriter, r *http.Request) {
 	return
 
 interr:
-	h, _, _ := net.SplitHostPort(r.RemoteAddr)
-	logErr.Printf("%s \"%s %s %s\" \"%s\"\n", h, r.Method, r.URL, r.Proto, err.Error())
-	http.Error(w, err.Error(), http.StatusInternalServerError)
+	logError(http.StatusInternalServerError, err, w, r)
 }
 
 func (fs *CachedFS) serveLive(w http.ResponseWriter, r *http.Request) {
@@ -432,14 +429,11 @@ func (fs *CachedFS) serveLive(w http.ResponseWriter, r *http.Request) {
 		})
 	}
 
-	if err != nil {
-		h, _, _ := net.SplitHostPort(r.RemoteAddr)
-		if err == walk.ErrNonDir || os.IsNotExist(err) || os.IsPermission(err) {
-			http.NotFound(w, r)
-		} else {
-			logErr.Printf("%s \"%s %s %s\" \"%s\"\n", h, r.Method, r.URL, r.Proto, err.Error())
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-		}
+	if err == walk.ErrNonDir || os.IsNotExist(err) || os.IsPermission(err) {
+		http.NotFound(w, r)
+		return
+	} else if err != nil {
+		logError(http.StatusInternalServerError, err, w, r)
 		return
 	}
 
@@ -502,7 +496,5 @@ func (fs *CachedFS) Sitemap(w http.ResponseWriter, r *http.Request) {
 	return
 
 interr:
-	h, _, _ := net.SplitHostPort(r.RemoteAddr)
-	logErr.Printf("%s \"%s %s %s\" \"%s\"\n", h, r.Method, r.URL, r.Proto, err.Error())
-	http.Error(w, err.Error(), http.StatusInternalServerError)
+	logError(http.StatusInternalServerError, err, w, r)
 }
diff --git a/main.go b/main.go
@@ -98,7 +98,7 @@ func main() {
 
 	go func() {
 		sig := make(chan os.Signal, 1)
-		signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM, os.Interrupt, os.Kill)
+		signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM, os.Interrupt)
 		<-sig
 
 		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
@@ -148,15 +148,6 @@ func realIP(trustForward bool, han http.Handler) http.Handler {
 	})
 }
 
-func logRequest(han http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		u, _, _ := r.BasicAuth()
-		h, _, _ := net.SplitHostPort(r.RemoteAddr)
-		logOut.Printf("%s - %s [%s] \"%s %s %s\" 0 0 \"%s\" \"%s\"\n", h, orHyphen(u), time.Now().Format("02/Jan/2006:15:04:05 -0700"), r.Method, r.URL, r.Proto, orHyphen(r.Referer()), orHyphen(r.UserAgent()))
-		han.ServeHTTP(w, r)
-	})
-}
-
 func nodir(han http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == "" || strings.HasSuffix(r.URL.Path, "/") {
@@ -167,3 +158,30 @@ func nodir(han http.Handler) http.Handler {
 		han.ServeHTTP(w, r)
 	})
 }
+
+func logRequest(han http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		u, _, _ := r.BasicAuth()
+		h, _, _ := net.SplitHostPort(r.RemoteAddr)
+		logOut.Printf("%.128s - %.256s [%s] %.2048q 0 0 %.2048q %.1024q\n",
+			h,
+			orHyphen(u),
+			time.Now().Format("02/Jan/2006:15:04:05 -0700"),
+			r.Method+" "+r.URL.String()+" "+r.Proto,
+			orHyphen(r.Referer()),
+			orHyphen(r.UserAgent()),
+		)
+		han.ServeHTTP(w, r)
+	})
+}
+
+func logError(code int, err error, w http.ResponseWriter, r *http.Request) {
+	h, _, _ := net.SplitHostPort(r.RemoteAddr)
+	logErr.Printf("%.128s %.2048q %q\n",
+		h,
+		r.Method+" "+r.URL.String()+" "+r.Proto,
+		err.Error(),
+	)
+
+	http.Error(w, err.Error(), code)
+}
diff --git a/walk/getdents_stdlib.go b/walk/getdents_stdlib.go
@@ -2,6 +2,7 @@
 // Project: autoindex (https://github.com/nielsAD/autoindex)
 // License: Mozilla Public License, v2.0
 
+//go:build !freebsd && !linux && !netbsd && !openbsd
 // +build !freebsd,!linux,!netbsd,!openbsd
 
 package walk
@@ -11,23 +12,14 @@ import (
 )
 
 func getdents(name string, _ []byte) ([]Dirent, error) {
-	dir, err := os.Open(name)
+	dir, err := os.ReadDir(name)
 	if err != nil {
 		return nil, err
 	}
 
-	r, err := dir.Readdir(0)
-	if err != nil {
-		dir.Close()
-		return nil, err
-	}
-	if err := dir.Close(); err != nil {
-		return nil, err
-	}
-
-	res := make([]Dirent, len(r))
-	for i, info := range r {
-		res[i] = Dirent{name: info.Name(), modeType: info.Mode() & os.ModeType}
+	res := make([]Dirent, len(dir))
+	for i, info := range dir {
+		res[i] = Dirent{name: info.Name(), modeType: info.Type() & os.ModeType}
 	}
 
 	return res, nil
diff --git a/walk/getdents_unix.go b/walk/getdents_unix.go
@@ -2,6 +2,7 @@
 // Project: autoindex (https://github.com/nielsAD/autoindex)
 // License: Mozilla Public License, v2.0
 
+//go:build freebsd || linux || netbsd || openbsd
 // +build freebsd linux netbsd openbsd
 
 package walk
diff --git a/walk/walk_test.go b/walk/walk_test.go
@@ -0,0 +1,34 @@
+// Author:  Niels A.D.
+// Project: autoindex (https://github.com/nielsAD/autoindex)
+// License: Mozilla Public License, v2.0
+
+package walk_test
+
+import (
+	"reflect"
+	"sort"
+	"testing"
+
+	"github.com/nielsAD/autoindex/walk"
+)
+
+func TestWalk(t *testing.T) {
+	var expected = []string{".", "dirent.go", "getdents_stdlib.go", "getdents_unix.go", "walk.go", "walk_test.go"}
+
+	var files []string
+	walk.Walk(".", &walk.Options{
+		Visit: func(dir string, entry *walk.Dirent) error {
+			files = append(files, entry.Name())
+			return nil
+		},
+		Error: func(dir string, entry *walk.Dirent, err error) error {
+			t.Errorf("Error walking `%s`: %s\n", dir, err.Error())
+			return err
+		},
+	})
+
+	sort.Strings(files)
+	if !reflect.DeepEqual(files, expected) {
+		t.Errorf("Unexpected directory contents: %s\n", files)
+	}
+}
