From 44de353b8bc3ef23af08f2630e85a23ea06c186f Mon Sep 17 00:00:00 2001 From: Taloth Saldono Date: Sun, 25 Oct 2015 23:15:21 +0100 Subject: [PATCH] Sanitize dognzb apikey in nzb fetch url. --- .../InstrumentationTests/CleanseLogMessageFixture.cs | 2 ++ src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs | 1 + 2 files changed, 3 insertions(+) diff --git a/src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs b/src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs index 04a405b4c..244795290 100644 --- a/src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs +++ b/src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs @@ -13,6 +13,7 @@ namespace NzbDrone.Common.Test.InstrumentationTests [TestCase(@"http://rss.torrentleech.org/mySecret")] [TestCase(@"http://www.bitmetv.org/rss.php?uid=mySecret&passkey=mySecret")] [TestCase(@"https://rss.omgwtfnzbs.org/rss-search.php?catid=19,20&user=sonarr&api=mySecret&eng=1")] + [TestCase(@"https://dognzb.cr/fetch/2b51db35e1912ffc138825a12b9933d2/2b51db35e1910123321025a12b9933d2")] // NzbGet [TestCase(@"{ ""Name"" : ""ControlUsername"", ""Value"" : ""mySecret"" }, { ""Name"" : ""ControlPassword"", ""Value"" : ""mySecret"" }, ")] [TestCase(@"{ ""Name"" : ""Server1.Username"", ""Value"" : ""mySecret"" }, { ""Name"" : ""Server1.Password"", ""Value"" : ""mySecret"" }, ")] @@ -44,6 +45,7 @@ namespace NzbDrone.Common.Test.InstrumentationTests var cleansedMessage = CleanseLogMessage.Cleanse(message); cleansedMessage.Should().NotContain("mySecret"); + cleansedMessage.Should().NotContain("01233210"); } } } diff --git a/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs b/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs index 2a6b3fa89..088b2852f 100644 --- a/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs +++ b/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs @@ -13,6 +13,7 @@ namespace NzbDrone.Common.Instrumentation new Regex(@"(?<=\?|&)[^=]*?(username|password)=(?[^&=]+?)(?= |&|$)", RegexOptions.Compiled | RegexOptions.IgnoreCase), new Regex(@"torrentleech\.org/(?[0-9a-z]+)", RegexOptions.Compiled | RegexOptions.IgnoreCase), new Regex(@"iptorrents\.com/[/a-z0-9?&;]*?(?:[?&;](u|tp)=(?[^&=;]+?))+(?= |;|&|$)", RegexOptions.Compiled | RegexOptions.IgnoreCase), + new Regex(@"/fetch/[a-z0-9]{32}/(?[a-z0-9]{32})", RegexOptions.Compiled | RegexOptions.IgnoreCase), // Path new Regex(@"""C:\\Users\\(?[^\""]+?)(\\|$)", RegexOptions.Compiled | RegexOptions.IgnoreCase),