DebugRequestMiddleware: Remove path handling
authorSebastiaan van Stijn <github@gone.nl>
Wed, 3 Jul 2019 14:16:22 +0000 (16:16 +0200)
committerFelix Geyer <fgeyer@debian.org>
Tue, 3 Sep 2019 17:59:35 +0000 (18:59 +0100)
Path-specific rules were removed, so this is no longer used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 530e63c1a61b105a6f7fc143c5acb9b5cd87f958)
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit f8a0f26843bc5aff33cf9201b75bd4bdbb48a3ad)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Origin: upstream, https://github.com/docker/engine/pull/298

Gbp-Pq: Name cve-2019-13509-04-DebugRequestMiddleware-Remove-path-handling.patch

engine/api/server/middleware/debug.go
engine/api/server/middleware/debug_test.go

index 31165bf918493b41fc160e9cbfa5559e46028fd0..a02c1bc7de34dd3efd0ac2b3b5889a48cd32e260 100644 (file)
@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 
                var postForm map[string]interface{}
                if err := json.Unmarshal(b, &postForm); err == nil {
-                       maskSecretKeys(postForm, r.RequestURI)
+                       maskSecretKeys(postForm)
                        formStr, errMarshal := json.Marshal(postForm)
                        if errMarshal == nil {
                                logrus.Debugf("form data: %s", string(formStr))
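Review bot: The `logrus.Debugf("form data: %s", ...)` line still writes the whole request body to the debug log, and the only protection is the name-based masking in `maskSecretKeys(postForm)`, so a value stored under a key that function does not recognise is logged verbatim. With the path argument gone this applies to every endpoint, which is worth recording at the call site, for example `// Masking is by key name only; values under unlisted keys reach the debug log unmasked.` The list of masked keys is outside this hunk, so it should be checked against the credential-bearing fields the API accepts. DebugRequestMiddleware begins and ends outside the hunk.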
@@ -54,18 +54,10 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
        }
 }
 
-func maskSecretKeys(inp interface{}, path string) {
-       // Remove any query string from the path
-       idx := strings.Index(path, "?")
-       if idx != -1 {
-               path = path[:idx]
-       }
-       // Remove trailing / characters
-       path = strings.TrimRight(path, "/")
-
+func maskSecretKeys(inp interface{}) {
        if arr, ok := inp.([]interface{}); ok {
                for _, f := range arr {
-                       maskSecretKeys(f, path)
+                       maskSecretKeys(f)
                }
                return
        }
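Review bot: `maskSecretKeys` has no doc comment, and this change alters its contract: it no longer takes the request path, and it rewrites `inp` in place rather than returning a copy. A comment above the signature would make that explicit, e.g. `// maskSecretKeys masks the values of sensitive keys in inp in place, recursing into nested maps and slices, whatever the request path.` Callers that reuse the decoded body after logging would then know that it has been modified. The map-handling part of the function lies outside this hunk.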
@@ -92,7 +84,7 @@ func maskSecretKeys(inp interface{}, path string) {
                                        continue loop0
                                }
                        }
-                       maskSecretKeys(v, path)
+                       maskSecretKeys(v)
                }
        }
 }
index 361273feda6c4e3599d4ae618cf52c6c584625ce..fb1740d54a47ae591b59e171326309921b6c7cbf 100644 (file)
@@ -10,49 +10,16 @@ import (
 func TestMaskSecretKeys(t *testing.T) {
        tests := []struct {
                doc      string
-               path     string
                input    map[string]interface{}
                expected map[string]interface{}
        }{
                {
-                       doc:      "secret create with API version",
-                       path:     "/v1.30/secrets/create",
+                       doc:      "secret/config create and update requests",
                        input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
                        expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
                },
                {
-                       doc:      "secret create with API version and trailing slashes",
-                       path:     "/v1.30/secrets/create//",
-                       input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-                       expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-               },
-               {
-                       doc:      "secret create with query param",
-                       path:     "/secrets/create?key=val",
-                       input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-                       expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-               },
-               {
-                       doc:      "secret update with API version",
-                       path:     "/v1.30/secrets/mysecret/update",
-                       input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-                       expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-               },
-               {
-                       doc:      "secret update with API version and trailing slashes",
-                       path:     "/v1.30/secrets/mysecret/update//",
-                       input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-                       expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-               },
-               {
-                       doc:      "secret update with query parameter",
-                       path:     "/secrets/mysecret/update?version=34",
-                       input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-                       expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-               },
-               {
-                       doc:  "other paths with API version",
-                       path: "/v1.30/some/other/path",
+                       doc: "masking other fields (recursively)",
                        input: map[string]interface{}{
                                "password":     "pass",
                                "secret":       "secret",
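Review bot: None of the cases visible in this hunk puts a secret inside a JSON array, so the `[]interface{}` branch of `maskSecretKeys` is not shown to be exercised. A table entry with an input such as `map[string]interface{}{"items": []interface{}{map[string]interface{}{"password": "pass"}}}`, expecting the inner value to become `"*****"`, would pin that path. The rest of the "masking other fields (recursively)" case and of TestMaskSecretKeys is outside the hunk, so that case may already cover it.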
@@ -83,8 +50,7 @@ func TestMaskSecretKeys(t *testing.T) {
                        },
                },
                {
-                       doc:  "other paths with API version case insensitive",
-                       path: "/v1.30/some/other/path",
+                       doc: "case insensitive field matching",
                        input: map[string]interface{}{
                                "PASSWORD": "pass",
                                "other": map[string]interface{}{
@@ -102,7 +68,7 @@ func TestMaskSecretKeys(t *testing.T) {
 
        for _, testcase := range tests {
                t.Run(testcase.doc, func(t *testing.T) {
-                       maskSecretKeys(testcase.input, testcase.path)
+                       maskSecretKeys(testcase.input)
                        assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
                })
        }