common, db4s, webui: Sanitise some of our log messages

Author: justinclift

common/postgresql.go

@@ -506,7 +506,7 @@ func UploadResponse(w http.ResponseWriter, r *http.Request, loggedInUser, target
 	}
 
 	// Log the successful database upload
-	log.Printf("Database uploaded: '%s%s%s', bytes: %v\n", loggedInUser, targetFolder, targetDB, numBytes)
+	log.Printf("Database uploaded: '%s%s%s', bytes: %v\n", loggedInUser, targetFolder, SanitiseLogString(targetDB), numBytes)
 
 	// Generate the formatted server string
 	var server string

common/responses.go

@@ -241,7 +241,7 @@ func GetSQLiteRowCount(sdb *sqlite.Conn, dbTable string) (int, error) {
 	var rowCount int
 	err := sdb.OneValue(dbQuery, &rowCount)
 	if err != nil {
-		log.Printf("Error occurred when counting total rows for table '%s'.  Error: %s\n", dbTable, err)
+		log.Printf("Error occurred when counting total rows for table '%s'.  Error: %s\n", SanitiseLogString(dbTable), err)
 		return 0, errors.New("Database query failure")
 	}
 	return rowCount, nil
@@ -287,7 +287,7 @@ func OpenSQLiteDatabaseDefensive(w http.ResponseWriter, r *http.Request, dbOwner
 	if id == "" {
 		// The requested database wasn't found, or the user doesn't have permission to access it
 		err = fmt.Errorf("Requested database not found")
-		log.Printf("Requested database not found. Owner: '%s%s%s'", dbOwner, dbFolder, dbName)
+		log.Printf("Requested database not found. Owner: '%s%s%s'", SanitiseLogString(dbOwner), SanitiseLogString(dbFolder), SanitiseLogString(dbName))
 		w.WriteHeader(http.StatusNotFound)
 		fmt.Fprintf(w, "%s", err.Error())
 		return
@@ -921,7 +921,7 @@ func TablesAndViews(sdb *sqlite.Conn, dbName string) (list []string, err error)
 	}
 	if len(list) == 0 {
 		// No table names were returned, so abort
-		log.Printf("The database '%s' doesn't seem to have any tables. Aborting.", dbName)
+		log.Printf("The database '%s' doesn't seem to have any tables. Aborting.", SanitiseLogString(dbName))
 		return
 	}
 

common/sqlite.go

@@ -72,7 +72,7 @@ func GetDatabase(r *http.Request, allowGet bool) (dbName string, err error) {
 	}
 	err = ValidateDB(dbName)
 	if err != nil {
-		log.Printf("Validation failed for database name '%s': %s", dbName, err)
+		log.Printf("Validation failed for database name '%s': %s", SanitiseLogString(dbName), err)
 		return "", errors.New("Invalid database name")
 	}
 	return dbName, nil
@@ -325,7 +325,7 @@ func GetOD(ignoreLeading int, r *http.Request) (dbOwner string, dbName string, e
 
 	// Check that at least an owner/database combination was requested
 	if len(pathStrings) < (3 + ignoreLeading) {
-		log.Printf("Something wrong with the requested URL: %v\n", r.URL.Path)
+		log.Printf("Something wrong with the requested URL: %v\n", SanitiseLogString(r.URL.Path))
 		return "", "", errors.New("Invalid URL")
 	}
 	dbOwner = pathStrings[1+ignoreLeading]

common/userinput.go

@@ -48,7 +48,7 @@ func AddDatabase(loggedInUser, dbOwner, dbFolder, dbName string, createBranch bo
 	tempDB, err := ioutil.TempFile(Conf.DiskCache.Directory, "dbhub-upload-")
 	if err != nil {
 		log.Printf("Error creating temporary file. User: '%s', Database: '%s%s%s', Error: %v\n", loggedInUser,
-			dbOwner, dbFolder, dbName, err)
+			SanitiseLogString(dbOwner), SanitiseLogString(dbFolder), SanitiseLogString(dbName), err)
 		return
 	}
 	tempDBName := tempDB.Name()
@@ -62,7 +62,7 @@ func AddDatabase(loggedInUser, dbOwner, dbFolder, dbName string, createBranch bo
 	numBytes, err = io.CopyBuffer(tempDB, newDB, buf)
 	if err != nil {
 		log.Printf("Error when writing the uploaded db to a temp file. User: '%s', Database: '%s%s%s' "+
-			"Error: %v\n", loggedInUser, dbOwner, dbFolder, dbName, err)
+			"Error: %v\n", loggedInUser, SanitiseLogString(dbOwner), SanitiseLogString(dbFolder), SanitiseLogString(dbName), err)
 		return
 	}
 	if numBytes == 0 {
@@ -329,7 +329,7 @@ func AddDatabase(loggedInUser, dbOwner, dbFolder, dbName string, createBranch bo
 			if !ok {
 				m := fmt.Sprintf("Error when counting commits in branch '%s' of database '%s%s%s'\n", branchName,
 					dbOwner, dbFolder, dbName)
-				log.Print(m)
+				log.Print(SanitiseLogString(m))
 				return 0, "", "", errors.New(m)
 			}
 		}
@@ -761,7 +761,7 @@ func DeleteBranchHistory(dbOwner, dbFolder, dbName, branchName, commitID string)
 		c, ok = commitList[c.Parent]
 		if !ok {
 			log.Printf("Error when counting # of commits while rewriting branch '%s' of database '%s%s%s'\n",
-				branchName, dbOwner, dbFolder, dbName)
+				SanitiseLogString(branchName), SanitiseLogString(dbOwner), SanitiseLogString(dbFolder), SanitiseLogString(dbName))
 			err = fmt.Errorf("Error when counting commits during branch history rewrite")
 			return
 		}
@@ -1008,7 +1008,7 @@ func IsCommitInBranchHistory(dbOwner, dbFolder, dbName, branchName, commitID str
 		c, ok = commitList[c.Parent]
 		if !ok {
 			log.Printf("Broken commit history encountered for branch '%s' in '%s%s%s', when looking for "+
-				"commit '%s'\n", branchName, dbOwner, dbFolder, dbName, c.Parent)
+				"commit '%s'\n", SanitiseLogString(branchName), SanitiseLogString(dbOwner), SanitiseLogString(dbFolder), SanitiseLogString(dbName), c.Parent)
 			return false, fmt.Errorf("Broken commit history encountered for branch '%s' when looking up "+
 				"commit details", branchName)
 		}

common/util.go

@@ -440,7 +440,7 @@ func licenceAddHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	err = com.ValidateLicence(l)
 	if err != nil {
-		log.Printf("Validation failed for licence ID: '%s': %s", l, err)
+		log.Printf("Validation failed for licence ID: '%s': %s", com.SanitiseLogString(l), err)
 		http.Error(w, "Validation of licence ID failed", http.StatusBadRequest)
 		return
 	}
@@ -451,7 +451,7 @@ func licenceAddHandler(w http.ResponseWriter, r *http.Request) {
 	if z := r.FormValue("licence_name"); z != "" {
 		err = com.ValidateLicenceFullName(z)
 		if err != nil {
-			log.Printf("Validation failed for licence full name: '%s': %s", z, err)
+			log.Printf("Validation failed for licence full name: '%s': %s", com.SanitiseLogString(z), err)
 			http.Error(w, "Validation of licence full name failed", http.StatusBadRequest)
 			return
 		}
@@ -554,7 +554,7 @@ func licenceAddHandler(w http.ResponseWriter, r *http.Request) {
 	_, _ = fmt.Fprintf(w, "Success")
 
 	// Log the new license addition
-	log.Printf("New licence '%s' added to the server by user '%v'\n", licID, userAcc)
+	log.Printf("New licence '%s' added to the server by user '%v'\n", com.SanitiseLogString(licID), userAcc)
 	return
 }
 
@@ -577,7 +577,7 @@ func licenceGetHandler(w http.ResponseWriter, r *http.Request) {
 	// Validate the licence name
 	err = com.ValidateLicence(l)
 	if err != nil {
-		log.Printf("Validation failed for licence name: '%s': %s", l, err)
+		log.Printf("Validation failed for licence name: '%s': %s", com.SanitiseLogString(l), err)
 		http.Error(w, "Validation of licence name failed", http.StatusBadRequest)
 		return
 	}
@@ -621,7 +621,7 @@ func licenceGetHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Log the transfer
-	log.Printf("Licence '%s' downloaded by user '%v', %d bytes\n", licenceName, userAcc, bytesWritten)
+	log.Printf("Licence '%s' downloaded by user '%v', %d bytes\n", com.SanitiseLogString(licenceName), userAcc, bytesWritten)
 	return
 }
 
@@ -674,7 +674,7 @@ func licenceRemoveHandler(w http.ResponseWriter, r *http.Request) {
 	// Validate the licence name
 	err = com.ValidateLicence(l)
 	if err != nil {
-		log.Printf("Validation failed for licence name: '%s': %s", l, err)
+		log.Printf("Validation failed for licence name: '%s': %s", com.SanitiseLogString(l), err)
 		http.Error(w, "Validation of licence name failed", http.StatusBadRequest)
 		return
 	}
@@ -703,7 +703,7 @@ func licenceRemoveHandler(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, "Success")
 
 	// Log the transfer
-	log.Printf("Licence '%s' removed by user '%v'\n", licenceName, userAcc)
+	log.Printf("Licence '%s' removed by user '%v'\n", com.SanitiseLogString(licenceName), userAcc)
 	return
 }
 
@@ -907,7 +907,7 @@ func retrieveDatabase(w http.ResponseWriter, r *http.Request, pageName string, u
 	}
 
 	// Log the transfer
-	log.Printf("'%s%s%s' downloaded by user '%v', %v bytes", dbOwner, dbFolder, dbName, userAcc, bytesWritten)
+	log.Printf("'%s%s%s' downloaded by user '%v', %v bytes", com.SanitiseLogString(dbOwner), dbFolder, dbName, userAcc, bytesWritten)
 	return nil
 }