Merge pull request #292 from nickmiller-wf/redact-access-token

Strip sensitive URL parameters from provider log output
2016-08-02 23:19:22 -04:00 · 2016-08-02 23:19:22 -04:00 · a0e4a36821
commit a0e4a36821
parent 78f2fe1306 c566648127
3 changed files with 55 additions and 5 deletions
--- a/providers/github.go
+++ b/providers/github.go
@ -85,7 +85,8 @@ func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
 		return false, err
 	}
 	if resp.StatusCode != 200 {
-		return false, fmt.Errorf("got %d from %q %s", resp.StatusCode, endpoint, body)
+		return false, fmt.Errorf(
 			"got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)
 	}
 	if err := json.Unmarshal(body, &orgs); err != nil {
@ -140,7 +141,8 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 		return false, err
 	}
 	if resp.StatusCode != 200 {
-		return false, fmt.Errorf("got %d from %q %s", resp.StatusCode, endpoint, body)
+		return false, fmt.Errorf(
 			"got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)
 	}
 	if err := json.Unmarshal(body, &teams); err != nil {
@ -217,9 +219,10 @@ func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
 	}
 	if resp.StatusCode != 200 {
-		return "", fmt.Errorf("got %d from %q %s", resp.StatusCode, endpoint, body)
+		return "", fmt.Errorf("got %d from %q %s",
 			resp.StatusCode, stripToken(endpoint.String()), body)
 	} else {
-		log.Printf("got %d from %q %s", resp.StatusCode, endpoint, body)
+		log.Printf("got %d from %q %s", resp.StatusCode, stripToken(endpoint.String()), body)
 	}
 	if err := json.Unmarshal(body, &emails); err != nil {
--- a/providers/internal_util.go
+++ b/providers/internal_util.go
@ -9,6 +9,42 @@ import (
 	"github.com/bitly/oauth2_proxy/api"
 )
 // stripToken is a helper function to obfuscate "access_token"
 // query parameters
 func stripToken(endpoint string) string {
 	return stripParam("access_token", endpoint)
 }
 // stripParam generalizes the obfuscation of a particular
 // query parameter - typically 'access_token' or 'client_secret'
 // The parameter's second half is replaced by '...' and returned
 // as part of the encoded query parameters.
 // If the target parameter isn't found, the endpoint is returned
 // unmodified.
 func stripParam(param, endpoint string) string {
 	u, err := url.Parse(endpoint)
 	if err != nil {
 		log.Printf("error attempting to strip %s: %s", param, err)
 		return endpoint
 	}
 	if u.RawQuery != "" {
 		values, err := url.ParseQuery(u.RawQuery)
 		if err != nil {
 			log.Printf("error attempting to strip %s: %s", param, err)
 			return u.String()
 		}
 		if val := values.Get(param); val != "" {
 			values.Set(param, val[:(len(val)/2)]+"...")
 			u.RawQuery = values.Encode()
 			return u.String()
 		}
 	}
 	return endpoint
 }
 // validateToken returns true if token is valid
 func validateToken(p Provider, access_token string, header http.Header) bool {
 	if access_token == "" || p.Data().ValidateURL == nil {
@ -28,7 +64,7 @@ func validateToken(p Provider, access_token string, header http.Header) bool {
 	body, _ := ioutil.ReadAll(resp.Body)
 	resp.Body.Close()
-	log.Printf("%d GET %s %s", resp.StatusCode, endpoint, body)
+	log.Printf("%d GET %s %s", resp.StatusCode, stripToken(endpoint), body)
 	if resp.StatusCode == 200 {
 		return true
--- a/providers/internal_util_test.go
+++ b/providers/internal_util_test.go
@ -119,3 +119,14 @@ func TestValidateSessionStateExpiredToken(t *testing.T) {
 	vt_test.response_code = 401
 	assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))
 }
 func TestStripTokenNotPresent(t *testing.T) {
 	test := "http://local.test/api/test?a=1&b=2"
 	assert.Equal(t, test, stripToken(test))
 }
 func TestStripToken(t *testing.T) {
 	test := "http://local.test/api/test?access_token=deadbeef&b=1&c=2"
 	expected := "http://local.test/api/test?access_token=dead...&b=1&c=2"
 	assert.Equal(t, expected, stripToken(test))
 }