From 6c8c87d2e22e92c65225a3c74155286e79099932 Mon Sep 17 00:00:00 2001 From: Taloth Saldono Date: Sun, 20 Jul 2014 14:14:47 +0200 Subject: [PATCH] Added additional rules to cleanse confidential details from log file messages. --- .../CleanseLogMessageFixture.cs | 34 +++++++++++++++++++ .../NzbDrone.Common.Test.csproj | 1 + .../Instrumentation/CleanseLogMessage.cs | 24 +++++++++++-- src/NzbDrone.Common/StringExtensions.cs | 7 ++++ 4 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs diff --git a/src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs b/src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs new file mode 100644 index 000000000..e78d7b70f --- /dev/null +++ b/src/NzbDrone.Common.Test/InstrumentationTests/CleanseLogMessageFixture.cs @@ -0,0 +1,34 @@ +using System; +using System.Linq; +using System.Text; +using System.Collections.Generic; +using NUnit.Framework; +using NzbDrone.Common.Instrumentation; +using FluentAssertions; + +namespace NzbDrone.Common.Test.InstrumentationTests +{ + [TestFixture] + public class CleanseLogMessageFixture + { + [TestCase(@"http://127.0.0.1:1234/api/call?vv=1&apikey=mySecret")] + [TestCase(@"http://127.0.0.1:1234/api/call?vv=1&ma_username=mySecret&ma_password=mySecret")] + // NzbGet + [TestCase(@"{ ""Name"" : ""ControlUsername"", ""Value"" : ""mySecret"" }, { ""Name"" : ""ControlPassword"", ""Value"" : ""mySecret"" }, ")] + [TestCase(@"{ ""Name"" : ""Server1.Username"", ""Value"" : ""mySecret"" }, { ""Name"" : ""Server1.Password"", ""Value"" : ""mySecret"" }, ")] + // Sabnzbd + [TestCase(@"""config"":{""newzbin"":{""username"":""mySecret"",""password"":""mySecret""}")] + [TestCase(@"""nzbxxx"":{""username"":""mySecret"",""apikey"":""mySecret""}")] + [TestCase(@"""growl"":{""growl_password"":""mySecret"",""growl_server"":""""}")] + [TestCase(@"""nzbmatrix"":{""username"":""mySecret"",""apikey"":""mySecret""}")] + [TestCase(@"""misc"":{""username"":""mySecret"",""api_key"":""mySecret"",""password"":""mySecret"",""nzb_key"":""mySecret""}")] + [TestCase(@"""servers"":[{""username"":""mySecret"",""password"":""mySecret""}]")] + [TestCase(@"""misc"":{""email_account"":""mySecret"",""email_to"":[],""email_from"":"""",""email_pwd"":""mySecret""}")] + public void should_clean_message(String message) + { + var cleansedMessage = CleanseLogMessage.Cleanse(message); + + cleansedMessage.Should().NotContain("mySecret"); + } + } +} diff --git a/src/NzbDrone.Common.Test/NzbDrone.Common.Test.csproj b/src/NzbDrone.Common.Test/NzbDrone.Common.Test.csproj index e7f6a681f..5b9259033 100644 --- a/src/NzbDrone.Common.Test/NzbDrone.Common.Test.csproj +++ b/src/NzbDrone.Common.Test/NzbDrone.Common.Test.csproj @@ -67,6 +67,7 @@ + diff --git a/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs b/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs index 8c5096976..9befc8f1f 100644 --- a/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs +++ b/src/NzbDrone.Common/Instrumentation/CleanseLogMessage.cs @@ -4,8 +4,21 @@ namespace NzbDrone.Common.Instrumentation { public class CleanseLogMessage { - //TODO: remove password= - private static readonly Regex CleansingRegex = new Regex(@"(?<=apikey=)(\w+?)(?=\W|$|_)", RegexOptions.Compiled | RegexOptions.IgnoreCase); + private static readonly Regex[] CleansingRules = new[] + { + // Url + new Regex(@"(<=\?|&)apikey=(?\w+?)(?=\W|$|_)", RegexOptions.Compiled | RegexOptions.IgnoreCase), + new Regex(@"(<=\?|&)[^=]*?(username|password)=(?\w+?)(?=\W|$|_)", RegexOptions.Compiled | RegexOptions.IgnoreCase), + + // NzbGet + new Regex(@"""Name""\s*:\s*""[^""]*(username|password)""\s*,\s*""Value""\s*:\s*""(?[^""]+?)""", RegexOptions.Compiled | RegexOptions.IgnoreCase), + + // Sabnzbd + new Regex(@"""[^""]*(username|password|api_?key|nzb_key)""\s*:\s*""(?[^""]+?)""", RegexOptions.Compiled | RegexOptions.IgnoreCase), + new Regex(@"""email_(account|to|from|pwd)""\s*:\s*""(?[^""]+?)""", RegexOptions.Compiled | RegexOptions.IgnoreCase) + }; + + //private static readonly Regex CleansingRegex = new Regex(@"(?<=apikey=)(\w+?)(?=\W|$|_)", RegexOptions.Compiled | RegexOptions.IgnoreCase); public static string Cleanse(string message) { @@ -14,7 +27,12 @@ namespace NzbDrone.Common.Instrumentation return message; } - return CleansingRegex.Replace(message, ""); + foreach (var regex in CleansingRules) + { + message = regex.Replace(message, m => m.Value.Replace(m.Groups["secret"].Index - m.Index, m.Groups["secret"].Length, "")); + } + + return message; } } } diff --git a/src/NzbDrone.Common/StringExtensions.cs b/src/NzbDrone.Common/StringExtensions.cs index 77a6c9532..cb0137bed 100644 --- a/src/NzbDrone.Common/StringExtensions.cs +++ b/src/NzbDrone.Common/StringExtensions.cs @@ -32,6 +32,13 @@ namespace NzbDrone.Common private static readonly Regex CollapseSpace = new Regex(@"\s+", RegexOptions.Compiled); + public static string Replace(this string text, int index, int length, string replacement) + { + text = text.Remove(index, length); + text = text.Insert(index, replacement); + return text; + } + public static string RemoveAccent(this string text) { var normalizedString = text.Normalize(NormalizationForm.FormD);