api, common, db4s: Sanitise further log messages

Author: justinclift

api/main.go

@@ -242,7 +242,8 @@ func collectInfoAndOpen(w http.ResponseWriter, r *http.Request) (sdb *sqlite.Con
 	if id == "" {
 		// The requested database wasn't found, or the user doesn't have permission to access it
 		err = fmt.Errorf("Requested database not found")
-		log.Printf("Requested database not found. Owner: '%s%s%s'", dbOwner, dbFolder, dbName)
+		log.Printf("Requested database not found. Owner: '%s%s%s'", com.SanitiseLogString(dbOwner),
+			com.SanitiseLogString(dbFolder), com.SanitiseLogString(dbName))
 		httpStatus = http.StatusNotFound
 		return
 	}

common/cert.go

@@ -113,7 +113,7 @@ func GenerateClientCert(userName string) (_ []byte, err error) {
 		return
 	}
 
-	log.Printf("New client cert generated for user '%s'", userName)
+	log.Printf("New client cert generated for user '%s'", SanitiseLogString(userName))
 
 	return buf.Bytes(), nil
 }

common/diff.go

@@ -90,13 +90,15 @@ func Diff(ownerA string, folderA string, nameA string, commitA string, ownerB st
 	if idA == "" {
 		// The requested database wasn't found, or the user doesn't have permission to access it
 		err = fmt.Errorf("Requested database not found")
-		log.Printf("Requested database not found: '%s%s%s'", ownerA, folderA, nameA)
+		log.Printf("Requested database not found: '%s%s%s'", SanitiseLogString(ownerA),
+			SanitiseLogString(folderA), SanitiseLogString(nameA))
 		return Diffs{}, err
 	}
 	if idB == "" {
 		// The requested database wasn't found, or the user doesn't have permission to access it
 		err = fmt.Errorf("Requested database not found")
-		log.Printf("Requested database not found: '%s%s%s'", ownerB, folderB, nameB)
+		log.Printf("Requested database not found: '%s%s%s'", SanitiseLogString(ownerB),
+			SanitiseLogString(folderB), SanitiseLogString(nameB))
 		return Diffs{}, err
 	}