Fixed: API keys should be more reliably cleansed from the logs

pull/3113/head
Mark McDowall 11 years ago
parent fe8555d3ea
commit a40b9a306e

@ -0,0 +1,20 @@
using System.Text.RegularExpressions;
namespace NzbDrone.Common.Instrumentation
{
public class CleanseLogMessage
{
//TODO: remove password=
private static readonly Regex CleansingRegex = new Regex(@"(?<=apikey=)(\w+?)(?=\W|$|_)", RegexOptions.Compiled | RegexOptions.IgnoreCase);
public static string Cleanse(string message)
{
if (message.IsNullOrWhiteSpace())
{
return message;
}
return CleansingRegex.Replace(message, "<removed>");
}
}
}

@ -78,7 +78,7 @@ namespace NzbDrone.Common.Instrumentation
private static void RegisterAppFile(IAppFolderInfo appFolderInfo) private static void RegisterAppFile(IAppFolderInfo appFolderInfo)
{ {
var fileTarget = new FileTarget(); var fileTarget = new NzbDroneFileTarget();
fileTarget.Name = "rollingFileLogger"; fileTarget.Name = "rollingFileLogger";
fileTarget.FileName = Path.Combine(appFolderInfo.GetLogFolder(), "nzbdrone.txt"); fileTarget.FileName = Path.Combine(appFolderInfo.GetLogFolder(), "nzbdrone.txt");

@ -0,0 +1,13 @@
using NLog;
using NLog.Targets;
namespace NzbDrone.Common.Instrumentation
{
public class NzbDroneFileTarget : FileTarget
{
protected override string GetFormattedMessage(LogEventInfo logEvent)
{
return CleanseLogMessage.Cleanse(Layout.Render(logEvent));
}
}
}

@ -97,9 +97,11 @@
<SubType>Component</SubType> <SubType>Component</SubType>
</Compile> </Compile>
<Compile Include="IEnumerableExtensions.cs" /> <Compile Include="IEnumerableExtensions.cs" />
<Compile Include="Instrumentation\CleanseLogMessage.cs" />
<Compile Include="Instrumentation\GlobalExceptionHandlers.cs" /> <Compile Include="Instrumentation\GlobalExceptionHandlers.cs" />
<Compile Include="Instrumentation\ExceptronTarget.cs" /> <Compile Include="Instrumentation\ExceptronTarget.cs" />
<Compile Include="Instrumentation\LogEventExtensions.cs" /> <Compile Include="Instrumentation\LogEventExtensions.cs" />
<Compile Include="Instrumentation\NzbDroneFileTarget.cs" />
<Compile Include="Instrumentation\NzbDroneLogger.cs" /> <Compile Include="Instrumentation\NzbDroneLogger.cs" />
<Compile Include="Instrumentation\LogTargets.cs" /> <Compile Include="Instrumentation\LogTargets.cs" />
<Compile Include="Messaging\IEvent.cs" /> <Compile Include="Messaging\IEvent.cs" />

@ -135,7 +135,7 @@ namespace NzbDrone.Core.Download.Clients.Sabnzbd
action, action,
authentication); authentication);
_logger.CleansedDebug(url); _logger.Debug(url);
return new RestClient(url); return new RestClient(url);
} }

@ -117,7 +117,7 @@ namespace NzbDrone.Core.Indexers
{ {
try try
{ {
_logger.CleansedDebug("Downloading Feed " + url); _logger.Debug("Downloading Feed " + url);
var xml = _httpProvider.DownloadString(url); var xml = _httpProvider.DownloadString(url);
if (!string.IsNullOrWhiteSpace(xml)) if (!string.IsNullOrWhiteSpace(xml))
{ {

@ -5,6 +5,7 @@ using NLog.Config;
using NLog; using NLog;
using NLog.Layouts; using NLog.Layouts;
using NLog.Targets; using NLog.Targets;
using NzbDrone.Common.Instrumentation;
using NzbDrone.Core.Lifecycle; using NzbDrone.Core.Lifecycle;
using NzbDrone.Core.Messaging.Events; using NzbDrone.Core.Messaging.Events;
@ -52,7 +53,7 @@ namespace NzbDrone.Core.Instrumentation
{ {
var log = new Log(); var log = new Log();
log.Time = logEvent.TimeStamp; log.Time = logEvent.TimeStamp;
log.Message = logEvent.FormattedMessage; log.Message = CleanseLogMessage.Cleanse(logEvent.FormattedMessage);
log.Method = Layout.Render(logEvent); log.Method = Layout.Render(logEvent);
log.Logger = logEvent.LoggerName; log.Logger = logEvent.LoggerName;

@ -1,45 +0,0 @@
using System;
using System.Text.RegularExpressions;
using NLog;
namespace NzbDrone.Core.Instrumentation.Extensions
{
public static class LoggerCleansedExtensions
{
private static readonly Regex CleansingRegex = new Regex(@"(?<=apikey=)(\w+?)(?=\W|$|_)", RegexOptions.Compiled | RegexOptions.IgnoreCase);
public static void CleansedInfo(this Logger logger, string message, params object[] args)
{
var formattedMessage = String.Format(message, args);
LogCleansedMessage(logger, LogLevel.Info, formattedMessage);
}
public static void CleansedDebug(this Logger logger, string message, params object[] args)
{
var formattedMessage = String.Format(message, args);
LogCleansedMessage(logger, LogLevel.Debug, formattedMessage);
}
public static void CleansedTrace(this Logger logger, string message, params object[] args)
{
var formattedMessage = String.Format(message, args);
LogCleansedMessage(logger, LogLevel.Trace, formattedMessage);
}
private static void LogCleansedMessage(Logger logger, LogLevel level, string message)
{
message = Cleanse(message);
var logEvent = new LogEventInfo(level, logger.Name, message);
logger.Log(logEvent);
}
private static string Cleanse(string message)
{
//TODO: password=
return CleansingRegex.Replace(message, "<removed>");
}
}
}

@ -2,7 +2,7 @@
using System.Linq; using System.Linq;
using NLog; using NLog;
using NLog.Config; using NLog.Config;
using NLog.Targets; using NzbDrone.Common.Instrumentation;
using NzbDrone.Core.Configuration; using NzbDrone.Core.Configuration;
using NzbDrone.Core.Configuration.Events; using NzbDrone.Core.Configuration.Events;
using NzbDrone.Core.Lifecycle; using NzbDrone.Core.Lifecycle;
@ -29,7 +29,7 @@ namespace NzbDrone.Core.Instrumentation
var minimumLogLevel = LogLevel.FromString(_configFileProvider.LogLevel); var minimumLogLevel = LogLevel.FromString(_configFileProvider.LogLevel);
var rules = LogManager.Configuration.LoggingRules; var rules = LogManager.Configuration.LoggingRules;
var rollingFileLogger = rules.Single(s => s.Targets.Any(t => t is FileTarget)); var rollingFileLogger = rules.Single(s => s.Targets.Any(t => t is NzbDroneFileTarget));
rollingFileLogger.EnableLoggingForLevel(LogLevel.Trace); rollingFileLogger.EnableLoggingForLevel(LogLevel.Trace);
SetMinimumLogLevel(rollingFileLogger, minimumLogLevel); SetMinimumLogLevel(rollingFileLogger, minimumLogLevel);

@ -324,7 +324,6 @@
<Compile Include="Instrumentation\Commands\DeleteLogFilesCommand.cs" /> <Compile Include="Instrumentation\Commands\DeleteLogFilesCommand.cs" />
<Compile Include="Instrumentation\Commands\TrimLogCommand.cs" /> <Compile Include="Instrumentation\Commands\TrimLogCommand.cs" />
<Compile Include="Instrumentation\DeleteLogFilesService.cs" /> <Compile Include="Instrumentation\DeleteLogFilesService.cs" />
<Compile Include="Instrumentation\Extensions\LoggerCleansedExtensions.cs" />
<Compile Include="Instrumentation\Extensions\LoggerProgressExtensions.cs" /> <Compile Include="Instrumentation\Extensions\LoggerProgressExtensions.cs" />
<Compile Include="MediaFiles\Commands\RenameSeriesCommand.cs" /> <Compile Include="MediaFiles\Commands\RenameSeriesCommand.cs" />
<Compile Include="MediaFiles\Commands\RescanSeriesCommand.cs" /> <Compile Include="MediaFiles\Commands\RescanSeriesCommand.cs" />

Loading…
Cancel
Save