fix: don't log certain fields

Signed-off-by: kshamajain99 <[email protected]>
argoproj · Mar 3, 2021 · 6d0207c · 6d0207c
1 parent 69f6ee8
commit 6d0207c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 25 deletions.
diff --git a/server/logout/logout.go b/server/logout/logout.go
@@ -66,41 +66,19 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	logoutRedirectURL := strings.TrimRight(strings.TrimLeft(argoCDSettings.URL, "/"), "/") + strings.TrimRight(strings.TrimLeft(h.rootPath, "/"), "/")
 
 	cookies := r.Cookies()
-<<<<<<< HEAD
 	tokenString, err = httputil.JoinCookies(common.AuthCookieName, cookies)
 	if tokenString == "" || err != nil {
-=======
-	// filter cookies with prefix common.AuthCookieName
-	var filteredCookies []string
-	for _, cookie := range cookies {
-		if strings.HasPrefix(cookie.Name, common.AuthCookieName) {
-			filteredCookies = append(filteredCookies, fmt.Sprintf("%s=%s", cookie.Name, cookie.Value))
-		}
-	}
-	tokenString = httputil.JoinCookies(common.AuthCookieName, strings.Join(filteredCookies, "; "))
-	if tokenString == "" {
->>>>>>> efe7ebb3 (fix: support longer cookie)
 		w.WriteHeader(http.StatusBadRequest)
 		http.Error(w, "Failed to retrieve ArgoCD auth token: "+fmt.Sprintf("%s", err), http.StatusBadRequest)
 		return
 	}
 
-<<<<<<< HEAD
 	for _, cookie := range cookies {
 		if !strings.HasPrefix(cookie.Name, common.AuthCookieName) {
 			continue
 		}
 		argocdCookie := http.Cookie{
 			Name:  cookie.Name,
-=======
-	for _, cookie := range filteredCookies {
-		pair := strings.Split(cookie, "=")
-		if len(pair) == 0 {
-			continue
-		}
-		argocdCookie := http.Cookie{
-			Name:  pair[0],
->>>>>>> efe7ebb3 (fix: support longer cookie)
 			Value: "",
 		}
 		argocdCookie.Path = fmt.Sprintf("/%s", strings.TrimRight(strings.TrimLeft(h.rootPath, "/"), "/"))

diff --git a/util/exec/exec.go b/util/exec/exec.go
@@ -34,13 +34,15 @@ func Run(cmd *exec.Cmd) (string, error) {
 }
 
 func RunWithRedactor(cmd *exec.Cmd, redactor func(text string) string) (string, error) {
+	opts := argoexec.CmdOpts{Timeout: timeout}
 	span := tracing.NewLoggingTracer(log.NewLogrusLogger(logrus.New())).StartSpan(fmt.Sprintf("exec %v", cmd.Args[0]))
 	span.SetBaggageItem("dir", fmt.Sprintf("%v", cmd.Dir))
-	span.SetBaggageItem("args", fmt.Sprintf("%v", cmd.Args))
-	defer span.Finish()
-	opts := argoexec.CmdOpts{Timeout: timeout}
 	if redactor != nil {
+		span.SetBaggageItem("args", redactor(fmt.Sprintf("%v", cmd.Args)))
 		opts.Redactor = redactor
+	} else {
+		span.SetBaggageItem("args", fmt.Sprintf("%v", cmd.Args))
 	}
+	defer span.Finish()
 	return argoexec.RunCommandExt(cmd, opts)
 }
diff --git a/util/exec/exec_test.go b/util/exec/exec_test.go
@@ -3,6 +3,7 @@ package exec
 import (
 	"os"
 	"os/exec"
+	"regexp"
 	"testing"
 	"time"
 
@@ -27,3 +28,14 @@ func TestRun(t *testing.T) {
 	assert.NoError(t, err)
 	assert.NotEmpty(t, out)
 }
+
+func TestHideUsernamePassword(t *testing.T) {
+	_, err := RunWithRedactor(exec.Command("helm registry login https://charts.bitnami.com/bitnami", "--username", "foo", "--password", "bar"), nil)
+	assert.NotEmpty(t, err)
+
+	var redactor = func(text string) string {
+		return regexp.MustCompile("(--username|--password) [^ ]*").ReplaceAllString(text, "$1 ******")
+	}
+	_, err = RunWithRedactor(exec.Command("helm registry login https://charts.bitnami.com/bitnami", "--username", "foo", "--password", "bar"), redactor)
+	assert.NotEmpty(t, err)
+}