File: cve-2019-13509-04-DebugRequestMiddleware-Remove-path-handling.patch

docker.io 18.09.1+dfsg1-7.1+deb10u3
From: Sebastiaan van Stijn <github@gone.nl>
Date: Wed, 3 Jul 2019 16:16:22 +0200
Subject: [PATCH] DebugRequestMiddleware: Remove path handling

Path-specific rules were removed, so this is no longer used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 530e63c1a61b105a6f7fc143c5acb9b5cd87f958)
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit f8a0f26843bc5aff33cf9201b75bd4bdbb48a3ad)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Origin: upstream, https://github.com/docker/engine/pull/298
---
 api/server/middleware/debug.go      | 16 +++--------
 api/server/middleware/debug_test.go | 42 +++--------------------------
 2 files changed, 8 insertions(+), 50 deletions(-)

diff --git a/engine/api/server/middleware/debug.go b/engine/api/server/middleware/debug.go
index 31165bf91849..a02c1bc7de34 100644
--- a/engine/api/server/middleware/debug.go
+++ b/engine/api/server/middleware/debug.go
@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 
 		var postForm map[string]interface{}
 		if err := json.Unmarshal(b, &postForm); err == nil {
-			maskSecretKeys(postForm, r.RequestURI)
+			maskSecretKeys(postForm)
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
 				logrus.Debugf("form data: %s", string(formStr))
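Review bot: Only the success path of the debug logging is visible here, so the hunk cannot show that the unmasked body never reaches the log. What is logged when `json.Marshal` fails, or when `json.Unmarshal` rejects the body (a top-level JSON array, for instance, does not fit `map[string]interface{}`), lies outside the hunk. The file name ties this patch to CVE-2019-13509 and the function exists to keep secrets out of debug output, so confirm that neither fallback prints the raw body `b`. A comment above the call would record the invariant: `// Only the masked copy may be logged; never log b directly.`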
@@ -54,18 +54,10 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	}
 }
 
-func maskSecretKeys(inp interface{}, path string) {
-	// Remove any query string from the path
-	idx := strings.Index(path, "?")
-	if idx != -1 {
-		path = path[:idx]
-	}
-	// Remove trailing / characters
-	path = strings.TrimRight(path, "/")
-
+func maskSecretKeys(inp interface{}) {
 	if arr, ok := inp.([]interface{}); ok {
 		for _, f := range arr {
-			maskSecretKeys(f, path)
+			maskSecretKeys(f)
 		}
 		return
 	}
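Review bot: `maskSecretKeys` has no doc comment, and with the `path` parameter gone nothing at the signature tells a reader that masking now applies to every request body regardless of endpoint. Suggest adding `// maskSecretKeys replaces the values of sensitive keys in inp with "*****", in place and recursively, for every request path.` above the function. The list of keys treated as sensitive sits in the part of the body outside this hunk, so the comment should point at that list rather than repeat it. It is also worth stating that the argument is mutated, since the caller marshals and logs the same map afterwards.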
@@ -92,7 +84,7 @@ func maskSecretKeys(inp interface{}, path string) {
 					continue loop0
 				}
 			}
-			maskSecretKeys(v, path)
+			maskSecretKeys(v)
 		}
 	}
 }
diff --git a/engine/api/server/middleware/debug_test.go b/engine/api/server/middleware/debug_test.go
index 361273feda6c..fb1740d54a47 100644
--- a/engine/api/server/middleware/debug_test.go
+++ b/engine/api/server/middleware/debug_test.go
@@ -10,49 +10,16 @@ import (
 func TestMaskSecretKeys(t *testing.T) {
 	tests := []struct {
 		doc      string
-		path     string
 		input    map[string]interface{}
 		expected map[string]interface{}
 	}{
 		{
-			doc:      "secret create with API version",
-			path:     "/v1.30/secrets/create",
+			doc:      "secret/config create and update requests",
 			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
 			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
 		},
 		{
-			doc:      "secret create with API version and trailing slashes",
-			path:     "/v1.30/secrets/create//",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret create with query param",
-			path:     "/secrets/create?key=val",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret update with API version",
-			path:     "/v1.30/secrets/mysecret/update",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret update with API version and trailing slashes",
-			path:     "/v1.30/secrets/mysecret/update//",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret update with query parameter",
-			path:     "/secrets/mysecret/update?version=34",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:  "other paths with API version",
-			path: "/v1.30/some/other/path",
+			doc: "masking other fields (recursively)",
 			input: map[string]interface{}{
 				"password":     "pass",
 				"secret":       "secret",
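Review bot: None of the test cases visible in this hunk reach the `[]interface{}` branch, which is the first thing `maskSecretKeys` checks in debug.go. Part of the table lies between hunks, so it may already be covered there. If it is not, a case with a sensitive key inside an array of objects would pin that masking does not stop at slices, which matters more now that one rule set applies to every endpoint. The table's `input` field is a map, so the array has to be nested under a key, as in the constructed case below.

```go
		// constructed example; the key names "items" and "name" are arbitrary
		{
			doc: "masking fields inside arrays",
			input: map[string]interface{}{
				"items": []interface{}{
					map[string]interface{}{"password": "pass", "name": "n"},
				},
			},
			expected: map[string]interface{}{
				"items": []interface{}{
					map[string]interface{}{"password": "*****", "name": "n"},
				},
			},
		},
		// … unchanged: remaining table entries …
```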
@@ -83,8 +50,7 @@ func TestMaskSecretKeys(t *testing.T) {
 			},
 		},
 		{
-			doc:  "other paths with API version case insensitive",
-			path: "/v1.30/some/other/path",
+			doc: "case insensitive field matching",
 			input: map[string]interface{}{
 				"PASSWORD": "pass",
 				"other": map[string]interface{}{
@@ -102,7 +68,7 @@ func TestMaskSecretKeys(t *testing.T) {
 
 	for _, testcase := range tests {
 		t.Run(testcase.doc, func(t *testing.T) {
-			maskSecretKeys(testcase.input, testcase.path)
+			maskSecretKeys(testcase.input)
 			assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
 		})
 	}