
Commit f556bec

feat: additionally redact negotiate in logger (#378)
1 parent 40f2ae9 commit f556bec


2 files changed

+17
-4
lines changed


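--- a/pkg/logging/scrubbingLogWriter.go
+++ b/pkg/logging/scrubbingLogWriter.go
@@ -151,7 +151,7 @@ func (w *scrubbingLevelWriter) WriteLevel(level zerolog.Level, p []byte) (int, e
 }
 
 func addMandatoryMasking(dict ScrubbingDict) ScrubbingDict {
-const charGroup = "[a-zA-Z0-9-_:.=]{6,}"
+const charGroup = "[a-zA-Z0-9-_:.=/+~]{6,}"
 s := `(http(s)?://)((.+?):(.+?))@(\S+)`
 dict[s] = scrubStruct{
 groupToRedact: 3,
@@ -176,6 +176,12 @@ func addMandatoryMasking(dict ScrubbingDict) ScrubbingDict {
 regex: regexp.MustCompile(s),
 }
 
+s = fmt.Sprintf("([n|N]egotiate )(%s)", charGroup)
+dict[s] = scrubStruct{
+groupToRedact: 2,
+regex: regexp.MustCompile(s),
+}
+
 s = fmt.Sprintf("(gh[ps])_(%s)", charGroup)
 dict[s] = scrubStruct{
 groupToRedact: 2,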
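Review bot: The scheme match `[n|N]egotiate` in the second hunk is a character class, so it accepts `n`, `N` and a literal `|`, and it misses other casings such as `NEGOTIATE`; HTTP auth scheme names are case-insensitive, so a token logged under a different casing would pass through unredacted. Consider `s = fmt.Sprintf("(?i)(negotiate )(%s)", charGroup)`, which keeps both capture groups and `groupToRedact: 2` unchanged. Widening `charGroup` with `/+~` in the first hunk also changes every rule that interpolates it (the `gh[ps]_` rule just below is one), so those rules now redact further into a following path; that errs on the safe side but deserves a comment on the constant, e.g. `// token68 alphabet (RFC 7235) plus ':'; shared by the rules that interpolate it`. addMandatoryMasking starts inside the first hunk and continues past the end of the second.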

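--- a/pkg/logging/scrubbingLogWriter_test.go
+++ b/pkg/logging/scrubbingLogWriter_test.go
@@ -19,13 +19,15 @@ package logging
 import (
 "bytes"
 "fmt"
-"github.com/snyk/go-application-framework/pkg/auth"
-"github.com/snyk/go-application-framework/pkg/configuration"
-"github.com/stretchr/testify/require"
 "os/user"
 "regexp"
 "testing"
 
+"github.com/stretchr/testify/require"
+
+"github.com/snyk/go-application-framework/pkg/auth"
+"github.com/snyk/go-application-framework/pkg/configuration"
+
 "github.com/rs/zerolog"
 "github.com/stretchr/testify/assert"
 )
@@ -233,6 +235,11 @@ func TestAddDefaults(t *testing.T) {
 input: "basic dXM0000=\" asdf",
 expected: "basic ***\" asdf",
 },
+{
+name: "Negotiate header with value",
+input: "Proxy-Authorization: Negotiate YIICSAYGbWLumn6s9/8pfMB513heIeAJ/udlOk7K+XUbIoBZGzi0cA6xahe/vE0x2Fla0OeU+JK2h4G58i/lSVO0Ip+LDQApB+TC1SCh50KvgF1U8F/p4Pwr/LLrXX/pDgMUTt3kOmjRPJ9/qhU+aHrFWq3/L0E102+mc2bI asdf",
+expected: "Proxy-Authorization: Negotiate *** asdf",
+},
 {
 name: "github pat (classic)",
 input: "GITHUB_PRIVATE_TOKEN=ghp_012345678901234567890123456789012345",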
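Review bot: The added `Negotiate header with value` case in TestAddDefaults covers only the capitalised scheme followed by more text, although the rule under test also accepts lowercase `negotiate`, and the widened character class now includes `~`, which the sample value never contains. A lowercase entry such as `input: "proxy-authorization: negotiate <constructed-token> asdf"` and a value that ends in `=` padding at end of line would pin both behaviours. The long sample value has the shape of a SPNEGO blob; if it was captured from a real exchange rather than constructed, replace it with a synthetic string. TestAddDefaults begins and ends outside this hunk.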
