Merge pull request #271 from SomtochiAma/token-log

Use regex to find and replace token
fluxcd · Oct 21, 2021 · 71dc13e · 71dc13e
2 parents da22e34 + 996ee36
commit 71dc13e
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 5 deletions.
diff --git a/internal/server/event_handlers.go b/internal/server/event_handlers.go
@@ -25,7 +25,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"regexp"
-	"strings"
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
@@ -224,10 +223,7 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request)
 
 			go func(n notifier.Interface, e events.Event) {
 				if err := n.Post(e); err != nil {
-					if token != "" {
-						redacted := strings.ReplaceAll(err.Error(), token, "*****")
-						err = errors.New(redacted)
-					}
+					err = redactTokenFromError(err, token)
 
 					s.logger.Error(err, "failed to send notification",
 						"reconciler kind", event.InvolvedObject.Kind,
@@ -240,3 +236,14 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request)
 		w.WriteHeader(http.StatusAccepted)
 	}
 }
+
+func redactTokenFromError(err error, token string) error {
+	if token == "" {
+		return err
+	}
+
+	re := regexp.MustCompile(fmt.Sprintf("%s*", token))
+	redacted := re.ReplaceAllString(err.Error(), "*****")
+
+	return errors.New(redacted)
+}
diff --git a/internal/server/event_handlers_test.go b/internal/server/event_handlers_test.go
@@ -0,0 +1,58 @@
+package server
+
+import (
+	"errors"
+	"testing"
+)
+
+func TestRedactTokenFromError(t *testing.T) {
+	tests := []struct {
+		name           string
+		token          string
+		originalErrStr string
+		expectedErrStr string
+	}{
+		{
+			name:           "no token",
+			token:          "8h0387hdyehbwwa45",
+			originalErrStr: "Cannot post to github",
+			expectedErrStr: "Cannot post to github",
+		},
+		{
+			name:           "empty token",
+			token:          "",
+			originalErrStr: "Cannot post to github",
+			expectedErrStr: "Cannot post to github",
+		},
+		{
+			name:           "exact token",
+			token:          "8h0387hdyehbwwa45",
+			originalErrStr: "Cannot post to github with token 8h0387hdyehbwwa45",
+			expectedErrStr: "Cannot post to github with token *****",
+		},
+		{
+			name:           "non-exact token",
+			token:          "8h0387hdyehbwwa45",
+			originalErrStr: `Cannot post to github with token 8h0387hdyehbwwa45\\n`,
+			expectedErrStr: `Cannot post to github with token *****\\n`,
+		},
+		{
+			name:           "extra text in front token",
+			token:          "8h0387hdyehbwwa45",
+			originalErrStr: `Cannot post to github with token metoo8h0387hdyehbwwa45\\n`,
+			expectedErrStr: `Cannot post to github with token metoo*****\\n`,
+		},
+	}
+
+	for _, tt := range tests {
+		err := redactTokenFromError(errors.New(tt.originalErrStr), tt.token)
+		if err == nil {
+			t.Fatalf("error shouldn't be nil")
+		}
+
+		if err.Error() != tt.expectedErrStr {
+			t.Errorf("expected error string '%s' but got '%s'",
+				tt.expectedErrStr, err)
+		}
+	}
+}