only sanitize the event if it is actually going to be logged
chrispatrick committed Aug 22, 2024
1 parent d252c57 commit 1b4a63c
Showing 3 changed files with 26 additions and 1 deletion.
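--- a/handle.go
+++ b/handle.go
@@ -91,7 +91,7 @@ func CreateHttpHandler(handlers Handlers) func(http.ResponseWriter, *http.Reques
 start := time.Now()
 logger.Debugf("Skill execution started")
 if req.Event.Type != "sync-request" {
-logger.Debugf("Incoming event message: %s", sanitizeEvent(body))
+logger.Debugf("Incoming event message: %s", func() interface{} { return sanitizeEvent(body) })
 }
 
 defer func() {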
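Review bot: The closure passed to `logger.Debugf` on the changed line is only evaluated when the logger recognises its exact type, and nothing at the call site says so. The type assertion in `expandFuncs` (log.go) matches `func() interface{}` only, so a later edit to `func() string` would silently log the function value instead of the sanitized event. That failure mode does not expose the raw body, but it does lose the message. I would add a comment above the call such as `// Deferred: sanitizeEvent runs only if debug logging is enabled; the argument must be exactly func() interface{}.` The enclosing handler starts and ends outside this hunk.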
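--- a/log.go
+++ b/log.go
@@ -147,6 +147,7 @@ func createLogger(ctx context.Context, event EventIncoming, headers http.Header)
 doGcpLog(msg, internal.Debug)
 }
 logger.Debugf = func(format string, a ...any) {
+a = expandFuncs(a, logrus.DebugLevel)
 Log.WithFields(localLabels).Debugf(format, a...)
 doGcpLog(fmt.Sprintf(format, a...), internal.Debug)
 }
@@ -185,6 +186,16 @@ func createLogger(ctx context.Context, event EventIncoming, headers http.Header)
 return logger
 }
 
+func expandFuncs(a []any, level logrus.Level) []any {
+for i, v := range a {
+if f, ok := v.(func() interface{}); ok && Log.Level >= level {
+a[i] = f()
+}
+}
+
+return a
+}
+
 // SanitizeEvent removes any sensitive information from the incoming payload structure
 func sanitizeEvent(incoming string) string {
 re, _ := regexp.Compile(`:([a-z\.\/-]*)\s*"(.*?)"`)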
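Review bot: In `logger.Debugf`, when `Log.Level` is below debug, `expandFuncs` leaves the closure in `a`, yet the next two lines still run, so `fmt.Sprintf(format, a...)` renders the func value as a `%!s(func() interface {}=0x…)` string and passes it to `doGcpLog`. Whether `doGcpLog` filters by level is not visible in this hunk; if it does not, the GCP sink receives that placeholder instead of the sanitized event, and the Sprintf cost is still paid. If both sinks should follow the same level, return early with `if !Log.IsLevelEnabled(logrus.DebugLevel) { return }` (assuming `Log` is a `*logrus.Logger`); otherwise expand unconditionally before the `doGcpLog` call. `expandFuncs` also overwrites the caller's slice in place and has no doc comment; I would add `// expandFuncs replaces func() interface{} arguments with their results when level is enabled, so costly values are computed only if they will be logged.`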
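--- a/log_test.go
+++ b/log_test.go
@@ -17,13 +17,15 @@
 package skill
 
 import (
+"bytes"
 "context"
 "net/http"
 "net/http/httptest"
 "strings"
 "testing"
 
 "github.com/atomist-skills/go-skill/internal"
+"github.com/sirupsen/logrus"
 
 "olympos.io/encoding/edn"
 )
@@ -91,3 +93,15 @@ func TestSanitizeEventWithSingleCharacterUser(t *testing.T) {
 t.Errorf("user not sanitised")
 }
 }
+
+func TestLoggingWithFunc(t *testing.T) {
+var buf bytes.Buffer
+Log.SetOutput(&buf)
+Log.SetLevel(logrus.DebugLevel)
+logger := createLogger(context.Background(), EventIncoming{}, http.Header{})
+logger.Debugf("This is a %s message", func() interface{} { return "test" })
+
+if !strings.Contains(buf.String(), "This is a test message") {
+t.Errorf("Expected message not found")
+}
+}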
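Review bot: `TestLoggingWithFunc` only covers the enabled path; the behaviour this commit exists for, that the closure is not evaluated when debug logging is off, is untested. A companion test that sets the level to `logrus.InfoLevel` and asserts the closure was never called would pin that down, as sketched below. The test also changes the package-level `Log` output and level without restoring them, which can leak into other tests in the package; a `t.Cleanup` that resets both would avoid that.

```go
func TestLoggingWithFuncSkippedAboveDebug(t *testing.T) {
	var buf bytes.Buffer
	Log.SetOutput(&buf)
	Log.SetLevel(logrus.InfoLevel)
	logger := createLogger(context.Background(), EventIncoming{}, http.Header{})

	called := false
	logger.Debugf("This is a %s message", func() interface{} {
		called = true
		return "test"
	})

	if called {
		t.Errorf("closure evaluated although debug logging is disabled")
	}
	if strings.Contains(buf.String(), "This is a test message") {
		t.Errorf("debug message written although debug logging is disabled")
	}
}
```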
