From 96fa570d98632d59e8b0e7ad5f1c140ccbd019fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20P=C3=A9rez-Aradros=20Herce?=
Date: Wed, 14 Apr 2021 15:53:16 +0200
Subject: [PATCH] Strip Azure EventHub connection string in debug logs (#25066)
* Strip Azure EventHub connection string in debug logs
---
 CHANGELOG.next.asciidoc | 1 +
 x-pack/filebeat/input/azureeventhub/input.go | 17 ++++++++++++-
 .../input/azureeventhub/input_test.go | 24 +++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 93878b4c73e..f4069fef905 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -279,6 +279,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix a connection error in httpjson input. {pull}16123[16123]
 - Fix integer overflow in S3 offsets when collecting very large files. {pull}22523[22523]
 - Fix CredentialsJSON unpacking for `gcp-pubsub` and `httpjson` inputs. {pull}23277[23277]
+- Strip Azure Eventhub connection string in debug logs. {pulll}[]
 *Filebeat*
diff --git a/x-pack/filebeat/input/azureeventhub/input.go b/x-pack/filebeat/input/azureeventhub/input.go
index 010e2807b56..5f0d1b3df5e 100644
--- a/x-pack/filebeat/input/azureeventhub/input.go
+++ b/x-pack/filebeat/input/azureeventhub/input.go
@@ -8,6 +8,7 @@ import (
 "context"
 "encoding/json"
 "fmt"
+ "strings"
 "sync"
 "time"
@@ -80,7 +81,7 @@ func NewInput(
 in := &azureInput{
 config: config,
- log: logp.NewLogger(fmt.Sprintf("%s input", inputName)).With("connection string", config.ConnectionString),
+ log: logp.NewLogger(fmt.Sprintf("%s input", inputName)).With("connection string", stripConnectionString(config.ConnectionString)),
 context: inputContext,
 workerCtx: workerCtx,
 workerCancel: workerCancel,
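Review bot: The logger field in the `azureInput` literal is still keyed `connection string`, but after this change it carries only the first `;`-separated segment or `(redacted)`, so the key no longer describes the value. A short comment above the `log:` line would keep a later edit from passing the raw value again, for example `// Only the stripped value is attached to the logger; config.ConnectionString contains the SharedAccessKey.` NewInput's body starts and ends outside the hunk, so any other use of `config.ConnectionString` in it cannot be checked from here.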
@@ -235,3 +236,17 @@ func (a *azureInput) parseMultipleMessages(bMessage []byte) []string {
 }
 return messages
 }
+
+// Strip connection string to remove sensitive information
+// A connection string should look like this:
+// Endpoint=sb://dummynamespace.servicebus.windows.net/;SharedAccessKeyName=DummyAccessKeyName;SharedAccessKey=5dOntTRytoC24opYThisAsit3is2B+OGY1US/fuL3ly=
+// This code will remove everything after ';' so key information is stripped
+func stripConnectionString(c string) string {
+ if parts := strings.SplitN(c, ";", 2); len(parts) == 2 {
+ return parts[0]
+ }
+
+ // We actually expect the string to have the documented format
+ // if we reach here something is wrong, so let's stay on the safe side
+ return "(redacted)"
+}
diff --git a/x-pack/filebeat/input/azureeventhub/input_test.go b/x-pack/filebeat/input/azureeventhub/input_test.go
index 8537e7529f5..d4268d9d96a 100644
--- a/x-pack/filebeat/input/azureeventhub/input_test.go
+++ b/x-pack/filebeat/input/azureeventhub/input_test.go
@@ -120,6 +120,30 @@ func TestNewInputDone(t *testing.T) {
 inputtest.AssertNotStartedInputCanBeDone(t, NewInput, &config)
 }
+func TestStripConnectionString(t *testing.T) {
+ tests := []struct {
+ connectionString, expected string
+ }{
+ {
+ "Endpoint=sb://something",
+ "(redacted)",
+ },
+ {
+ "Endpoint=sb://dummynamespace.servicebus.windows.net/;SharedAccessKeyName=DummyAccessKeyName;SharedAccessKey=5dOntTRytoC24opYThisAsit3is2B+OGY1US/fuL3ly=",
+ "Endpoint=sb://dummynamespace.servicebus.windows.net/",
+ },
+ {
+ "Endpoint=sb://dummynamespace.servicebus.windows.net/;SharedAccessKey=5dOntTRytoC24opYThisAsit3is2B+OGY1US/fuL3ly=",
+ "Endpoint=sb://dummynamespace.servicebus.windows.net/",
+ },
+ }
+
+ for _, tt := range tests {
+ res := stripConnectionString(tt.connectionString)
+ assert.Equal(t, res, tt.expected)
+ }
+}
+
 type stubOutleter struct {
 sync.Mutex
 cond *sync.Cond
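Review bot: `stripConnectionString` redacts by position rather than by key: it returns whatever precedes the first `;`, so a connection string whose segments arrive in a different order (with `SharedAccessKey=` first, say) would still put the key into the debug log. The doc comment's "remove everything after ';'" only protects the secret when `Endpoint=` is the leading segment, and the code does not enforce that. Picking the `Endpoint=` segment explicitly and returning `(redacted)` when none is found fails closed, and the three cases in the added test still pass. The rewritten function is below; its doc comment should then say that only the `Endpoint` segment is kept.

```go
func stripConnectionString(c string) string {
	parts := strings.Split(c, ";")
	if len(parts) < 2 {
		// Not the documented key=value;key=value format: log nothing from it.
		return "(redacted)"
	}
	for _, p := range parts {
		if p = strings.TrimSpace(p); strings.HasPrefix(p, "Endpoint=") {
			return p
		}
	}
	// No Endpoint segment: never fall back to an arbitrary segment.
	return "(redacted)"
}
```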
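Review bot: The table in `TestStripConnectionString` only covers inputs that begin with `Endpoint=`, so nothing pins the result when the key segment comes first or when the input is empty. A case whose input starts with a constructed `SharedAccessKey=` segment followed by `Endpoint=sb://dummynamespace.servicebus.windows.net/` would document that the key can never be returned. Separately, `assert.Equal(t, res, tt.expected)` passes the actual value in the expected position (assuming `assert` is testify, whose import is outside the hunk), which swaps the labels in failure output; `assert.Equal(t, tt.expected, res)` reads correctly.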