better naming scheme that does not leak secrets

laverya · laverya · commit d37ace6e51f5 · 2020-05-19T17:21:55.000-04:00
diff --git a/pkg/redact/literal.go b/pkg/redact/literal.go
@@ -10,12 +10,14 @@ import (
 type literalRedactor struct {
 	matchString string
 	filePath    string
+	redactName  string
 }
 
-func literalString(matchString, path string) Redactor {
+func literalString(matchString, path, name string) Redactor {
 	return literalRedactor{
 		matchString: matchString,
 		filePath:    path,
+		redactName:  name,
 	}
 }
 
@@ -52,7 +54,7 @@ func (r literalRedactor) Redact(input io.Reader) io.Reader {
 
 			if clean != line {
 				go addRedaction(Redaction{
-					RedactorName:      fmt.Sprintf("literal %q", r.matchString),
+					RedactorName:      r.redactName,
 					CharactersRemoved: len(line) - len(clean),
 					Line:              lineNum,
 					File:              r.filePath,
diff --git a/pkg/redact/multi_line.go b/pkg/redact/multi_line.go
@@ -8,13 +8,14 @@ import (
 )
 
 type MultiLineRedactor struct {
-	re1      *regexp.Regexp
-	re2      *regexp.Regexp
-	maskText string
-	filePath string
+	re1        *regexp.Regexp
+	re2        *regexp.Regexp
+	maskText   string
+	filePath   string
+	redactName string
 }
 
-func NewMultiLineRedactor(re1, re2, maskText, path string) (*MultiLineRedactor, error) {
+func NewMultiLineRedactor(re1, re2, maskText, path, name string) (*MultiLineRedactor, error) {
 	compiled1, err := regexp.Compile(re1)
 	if err != nil {
 		return nil, err
@@ -23,7 +24,7 @@ func NewMultiLineRedactor(re1, re2, maskText, path string) (*MultiLineRedactor,
 	if err != nil {
 		return nil, err
 	}
-	return &MultiLineRedactor{re1: compiled1, re2: compiled2, maskText: maskText, filePath: path}, nil
+	return &MultiLineRedactor{re1: compiled1, re2: compiled2, maskText: maskText, filePath: path, redactName: name}, nil
 }
 
 func (r *MultiLineRedactor) Redact(input io.Reader) io.Reader {
@@ -70,7 +71,7 @@ func (r *MultiLineRedactor) Redact(input io.Reader) io.Reader {
 			// if clean is not equal to line2, a redaction was performed
 			if clean != line2 {
 				go addRedaction(Redaction{
-					RedactorName:      fmt.Sprintf("multiline %q/%q", r.re1, r.re2),
+					RedactorName:      r.redactName,
 					CharactersRemoved: len(line2) - len(clean),
 					Line:              lineNum,
 					File:              r.filePath,
diff --git a/pkg/redact/redact.go b/pkg/redact/redact.go
@@ -79,7 +79,7 @@ func Redact(input []byte, path string, additionalRedactors []*troubleshootv1beta
 
 func buildAdditionalRedactors(path string, redacts []*troubleshootv1beta1.Redact) ([]Redactor, error) {
 	additionalRedactors := []Redactor{}
-	for _, redact := range redacts {
+	for i, redact := range redacts {
 		if redact == nil {
 			continue
 		}
@@ -93,28 +93,30 @@ func buildAdditionalRedactors(path string, redacts []*troubleshootv1beta1.Redact
 			continue
 		}
 
+		withinRedactNum := 0 // give unique redaction names
+
 		for _, re := range redact.Regex {
-			r, err := NewSingleLineRedactor(re, MASK_TEXT, path)
+			r, err := NewSingleLineRedactor(re, MASK_TEXT, path, redactorName(i, withinRedactNum, redact.Name, "regex", ""))
 			if err != nil {
 				return nil, errors.Wrapf(err, "redactor %q", re)
 			}
 			additionalRedactors = append(additionalRedactors, r)
 		}
 
 		for _, literal := range redact.Values {
-			additionalRedactors = append(additionalRedactors, literalString(literal, path))
+			additionalRedactors = append(additionalRedactors, literalString(literal, path, redactorName(i, withinRedactNum, redact.Name, "literal", "")))
 		}
 
 		for _, re := range redact.MultiLine {
-			r, err := NewMultiLineRedactor(re.Selector, re.Redactor, MASK_TEXT, path)
+			r, err := NewMultiLineRedactor(re.Selector, re.Redactor, MASK_TEXT, path, redactorName(i, withinRedactNum, redact.Name, "multiLine", ""))
 			if err != nil {
 				return nil, errors.Wrapf(err, "multiline redactor %+v", re)
 			}
 			additionalRedactors = append(additionalRedactors, r)
 		}
 
 		for _, yaml := range redact.Yaml {
-			r := NewYamlRedactor(yaml, path)
+			r := NewYamlRedactor(yaml, path, redactorName(i, withinRedactNum, redact.Name, "yaml", ""))
 			additionalRedactors = append(additionalRedactors, r)
 		}
 	}
@@ -190,8 +192,8 @@ func getRedactors(path string) ([]Redactor, error) {
 	}
 
 	redactors := make([]Redactor, 0)
-	for _, re := range singleLines {
-		r, err := NewSingleLineRedactor(re, MASK_TEXT, path)
+	for i, re := range singleLines {
+		r, err := NewSingleLineRedactor(re, MASK_TEXT, path, redactorName(-1, i, "", "defaultRegex", re))
 		if err != nil {
 			return nil, err // maybe skip broken ones?
 		}
@@ -232,8 +234,8 @@ func getRedactors(path string) ([]Redactor, error) {
 		},
 	}
 
-	for _, l := range doubleLines {
-		r, err := NewMultiLineRedactor(l.line1, l.line2, MASK_TEXT, path)
+	for i, l := range doubleLines {
+		r, err := NewMultiLineRedactor(l.line1, l.line2, MASK_TEXT, path, redactorName(-1, i, "", "defaultMultiLine", l.line1))
 		if err != nil {
 			return nil, err // maybe skip broken ones?
 		}
@@ -278,3 +280,13 @@ func readLine(r *bufio.Reader) (string, error) {
 	}
 	return string(completeLine), nil
 }
+
+func redactorName(redactorNum, withinRedactorNum int, redactorName, redactorType, redactorLiteral string) string {
+	if redactorName != "" {
+		return fmt.Sprintf("%s-%d", redactorName, withinRedactorNum)
+	}
+	if redactorLiteral == "" {
+		return fmt.Sprintf("unnamed-%d.%d-%s", redactorNum, withinRedactorNum, redactorType)
+	}
+	return fmt.Sprintf("%s.%d-%q", redactorType, withinRedactorNum, redactorLiteral)
+}
diff --git a/pkg/redact/single_line.go b/pkg/redact/single_line.go
@@ -8,17 +8,18 @@ import (
 )
 
 type SingleLineRedactor struct {
-	re       *regexp.Regexp
-	maskText string
-	filePath string
+	re         *regexp.Regexp
+	maskText   string
+	filePath   string
+	redactName string
 }
 
-func NewSingleLineRedactor(re, maskText, path string) (*SingleLineRedactor, error) {
+func NewSingleLineRedactor(re, maskText, path, name string) (*SingleLineRedactor, error) {
 	compiled, err := regexp.Compile(re)
 	if err != nil {
 		return nil, err
 	}
-	return &SingleLineRedactor{re: compiled, maskText: maskText, filePath: path}, nil
+	return &SingleLineRedactor{re: compiled, maskText: maskText, filePath: path, redactName: name}, nil
 }
 
 func (r *SingleLineRedactor) Redact(input io.Reader) io.Reader {
@@ -62,7 +63,7 @@ func (r *SingleLineRedactor) Redact(input io.Reader) io.Reader {
 			// if clean is not equal to line, a redaction was performed
 			if clean != line {
 				go addRedaction(Redaction{
-					RedactorName:      fmt.Sprintf("regex %q", r.re),
+					RedactorName:      r.redactName,
 					CharactersRemoved: len(line) - len(clean),
 					Line:              lineNum,
 					File:              r.filePath,
diff --git a/pkg/redact/single_line_test.go b/pkg/redact/single_line_test.go
@@ -41,7 +41,7 @@ func TestNewSingleLineRedactor(t *testing.T) {
 			defer scopetest.End()
 
 			req := require.New(t)
-			reRunner, err := NewSingleLineRedactor(tt.re, MASK_TEXT, "testfile")
+			reRunner, err := NewSingleLineRedactor(tt.re, MASK_TEXT, "testfile", tt.name)
 			req.NoError(err)
 
 			outReader := reRunner.Redact(bytes.NewReader([]byte(tt.inputString)))
diff --git a/pkg/redact/yaml.go b/pkg/redact/yaml.go
@@ -3,7 +3,6 @@ package redact
 import (
 	"bufio"
 	"bytes"
-	"fmt"
 	"io"
 	"io/ioutil"
 	"strconv"
@@ -16,11 +15,12 @@ type YamlRedactor struct {
 	maskPath   []string
 	foundMatch bool
 	filePath   string
+	redactName string
 }
 
-func NewYamlRedactor(yamlPath, filePath string) *YamlRedactor {
+func NewYamlRedactor(yamlPath, filePath, name string) *YamlRedactor {
 	pathComponents := strings.Split(yamlPath, ".")
-	return &YamlRedactor{maskPath: pathComponents, filePath: filePath}
+	return &YamlRedactor{maskPath: pathComponents, filePath: filePath, redactName: name}
 }
 
 func (r *YamlRedactor) Redact(input io.Reader) io.Reader {
@@ -65,7 +65,7 @@ func (r *YamlRedactor) Redact(input io.Reader) io.Reader {
 		buf.WriteTo(writer)
 
 		go addRedaction(Redaction{
-			RedactorName:      fmt.Sprintf("yaml %q", strings.Join(r.maskPath, ".")),
+			RedactorName:      r.redactName,
 			CharactersRemoved: len(doc) - len(newBytes),
 			Line:              0, // line 0 because we have no way to tell what line was impacted
 			File:              r.filePath,
diff --git a/pkg/redact/yaml_test.go b/pkg/redact/yaml_test.go
@@ -180,7 +180,7 @@ xyz:
 			defer scopetest.End()
 
 			req := require.New(t)
-			yamlRunner := NewYamlRedactor(strings.Join(tt.path, "."), "testfile")
+			yamlRunner := NewYamlRedactor(strings.Join(tt.path, "."), "testfile", tt.name)
 
 			outReader := yamlRunner.Redact(bytes.NewReader([]byte(tt.inputString)))
 			gotBytes, err := ioutil.ReadAll(outReader)

Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ func Redact(input []byte, path string, additionalRedactors []*troubleshootv1beta`
`79`	`79`
`80`	`80`	`func buildAdditionalRedactors(path string, redacts []*troubleshootv1beta1.Redact) ([]Redactor, error) {`
`81`	`81`	`additionalRedactors := []Redactor{}`
`82`		`- for _, redact := range redacts {`
	`82`	`+ for i, redact := range redacts {`
`83`	`83`	`if redact == nil {`
`84`	`84`	`continue`
`85`	`85`	`}`
`@@ -93,28 +93,30 @@ func buildAdditionalRedactors(path string, redacts []*troubleshootv1beta1.Redact`
`93`	`93`	`continue`
`94`	`94`	`}`
`95`	`95`
	`96`	`+ withinRedactNum := 0 // give unique redaction names`
	`97`	`+`
`96`	`98`	`for _, re := range redact.Regex {`
`97`		`- r, err := NewSingleLineRedactor(re, MASK_TEXT, path)`
	`99`	`+ r, err := NewSingleLineRedactor(re, MASK_TEXT, path, redactorName(i, withinRedactNum, redact.Name, "regex", ""))`
`98`	`100`	`if err != nil {`
`99`	`101`	`return nil, errors.Wrapf(err, "redactor %q", re)`
`100`	`102`	`}`
`101`	`103`	`additionalRedactors = append(additionalRedactors, r)`
`102`	`104`	`}`
`103`	`105`
`104`	`106`	`for _, literal := range redact.Values {`
`105`		`- additionalRedactors = append(additionalRedactors, literalString(literal, path))`
	`107`	`+ additionalRedactors = append(additionalRedactors, literalString(literal, path, redactorName(i, withinRedactNum, redact.Name, "literal", "")))`
`106`	`108`	`}`
`107`	`109`
`108`	`110`	`for _, re := range redact.MultiLine {`
`109`		`- r, err := NewMultiLineRedactor(re.Selector, re.Redactor, MASK_TEXT, path)`
	`111`	`+ r, err := NewMultiLineRedactor(re.Selector, re.Redactor, MASK_TEXT, path, redactorName(i, withinRedactNum, redact.Name, "multiLine", ""))`
`110`	`112`	`if err != nil {`
`111`	`113`	`return nil, errors.Wrapf(err, "multiline redactor %+v", re)`
`112`	`114`	`}`
`113`	`115`	`additionalRedactors = append(additionalRedactors, r)`
`114`	`116`	`}`
`115`	`117`
`116`	`118`	`for _, yaml := range redact.Yaml {`
`117`		`- r := NewYamlRedactor(yaml, path)`
	`119`	`+ r := NewYamlRedactor(yaml, path, redactorName(i, withinRedactNum, redact.Name, "yaml", ""))`
`118`	`120`	`additionalRedactors = append(additionalRedactors, r)`
`119`	`121`	`}`
`120`	`122`	`}`
`@@ -190,8 +192,8 @@ func getRedactors(path string) ([]Redactor, error) {`
`190`	`192`	`}`
`191`	`193`
`192`	`194`	`redactors := make([]Redactor, 0)`
`193`		`- for _, re := range singleLines {`
`194`		`- r, err := NewSingleLineRedactor(re, MASK_TEXT, path)`
	`195`	`+ for i, re := range singleLines {`
	`196`	`+ r, err := NewSingleLineRedactor(re, MASK_TEXT, path, redactorName(-1, i, "", "defaultRegex", re))`
`195`	`197`	`if err != nil {`
`196`	`198`	`return nil, err // maybe skip broken ones?`
`197`	`199`	`}`
`@@ -232,8 +234,8 @@ func getRedactors(path string) ([]Redactor, error) {`
`232`	`234`	`},`
`233`	`235`	`}`
`234`	`236`
`235`		`- for _, l := range doubleLines {`
`236`		`- r, err := NewMultiLineRedactor(l.line1, l.line2, MASK_TEXT, path)`
	`237`	`+ for i, l := range doubleLines {`
	`238`	`+ r, err := NewMultiLineRedactor(l.line1, l.line2, MASK_TEXT, path, redactorName(-1, i, "", "defaultMultiLine", l.line1))`
`237`	`239`	`if err != nil {`
`238`	`240`	`return nil, err // maybe skip broken ones?`
`239`	`241`	`}`
`@@ -278,3 +280,13 @@ func readLine(r *bufio.Reader) (string, error) {`
`278`	`280`	`}`
`279`	`281`	`return string(completeLine), nil`
`280`	`282`	`}`
	`283`	`+`
	`284`	`+func redactorName(redactorNum, withinRedactorNum int, redactorName, redactorType, redactorLiteral string) string {`
	`285`	`+ if redactorName != "" {`
	`286`	`+ return fmt.Sprintf("%s-%d", redactorName, withinRedactorNum)`
	`287`	`+ }`
	`288`	`+ if redactorLiteral == "" {`
	`289`	`+ return fmt.Sprintf("unnamed-%d.%d-%s", redactorNum, withinRedactorNum, redactorType)`
	`290`	`+ }`
	`291`	`+ return fmt.Sprintf("%s.%d-%q", redactorType, withinRedactorNum, redactorLiteral)`
	`292`	`+}`