Tests added
rbamberger committed Jan 23, 2023
1 parent 10ea15a commit f73c65b
Showing 2 changed files with 56 additions and 21 deletions.
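--- a/lib/java_buildpack/util/sanitizer.rb
+++ b/lib/java_buildpack/util/sanitizer.rb
@@ -18,36 +18,55 @@
 # A mixin that adds the ability to turn a +String+ into sanitized uri
 class String
 
+# Takes the uri query params and strips out credentials
+#
+# @return [String] the sanitized query params
+def handle_params(params)
+keywords = /key
+|password
+|username
+|cred(ential)*(s)*
+|password
+|token
+|api[-_]token
+|api
+|auth(entication)*
+|access[-_]token
+|secret[-_]token/ix
+
+query_params = ''
+
+params.each do |key, value|
+match = key.match(keywords)
+
+if match
+params[key] = if match[0] == 'Api-Token' && value =~ /dt\w*/
+value.gsub(/(dt\w*\.\w*)\.\w*/, '\1.REDACTED')
+else
+'***'
+end
+end
+
+query_params += key + '=' + params[key] + '&'
+end
+
+query_params
+end
+
 # Takes a uri and strips out any credentials it may contain.
 #
 # @return [String] the sanitized uri
 def sanitize_uri
-keywords = /key|password|username|cred[entials]*[s]*|password|token|api[-_]token|api|auth[entication]*|access[-_]token|secret[-_]token/i
-
 rich_uri = URI(self)
 rich_uri.user = nil
 rich_uri.password = nil
 
-if(rich_uri.query)
-params = Hash[URI.decode_www_form rich_uri.query]
-
-query_params = ""
-
-params.each do |key,value|
-match = key.match(keywords)
-
-if(match)
-if(match[0] == "Api-Token" && value =~ /dt\w*/)
-params[key] = value.gsub(/(dt\w*\.\w*)\.\w*/, '\1.REDACTED')
-else
-params[key] = "***"
-end
-end
-
-query_params += key + "=" + params[key] + "&"
-end
+if rich_uri.query
+params = (URI.decode_www_form rich_uri.query).to_h
+query_params = handle_params(params)
+rich_uri.query = query_params.chop
 end
 
 rich_uri.to_s
 end
 end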
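Review bot: In handle_params the `Api-Token` branch only requires the value to contain `dt` somewhere (`value =~ /dt\w*/`), while the gsub on the next line only rewrites a value with the two-dot `dt…​.…​.…` shape, so any Api-Token value that passes the guard but does not have that shape misses the substitution and is written back verbatim — the credential survives sanitization instead of being replaced by `'***'`. Make the guard test the full, anchored token shape so everything else falls through to the redacted default: `params[key] = if match[0] == 'Api-Token' && value.match?(/\A(dt\w*\.\w*)\.\w*\z/)` with `value.sub(/\A(dt\w*\.\w*)\.\w*\z/, '\1.REDACTED')` on the following line. A second, smaller point is the re-assembly `query_params += key + '=' + params[key] + '&'`: the pairs were decoded by URI.decode_www_form, so a value that contained an encoded `&`, `=` or space is put back unencoded; returning `URI.encode_www_form(params)` would re-encode them and also remove the need for `.chop` in sanitize_uri. Note also that handle_params is added as a public method on every String, so a less generic name (or a private helper) would avoid colliding with other String extensions.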
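--- a/spec/java_buildpack/util/sanitize_spec.rb
+++ b/spec/java_buildpack/util/sanitize_spec.rb
@@ -23,7 +23,23 @@
 include_context 'with application help'
 
 it 'sanitizes uri with credentials in' do
-expect('https://myuser:mypass@myhost/path/to/file'.sanitize_uri).to eq('https://myhost/path/to/file')
+expect('https://myuser:mypass@myhost/path/to/file'\
+'?authentication=verysecret'\
+'&cred=verysecret'\
+'&password=verysecret'\
+'&include=java'\
+'&bitness=64'\
+'&Api-Token=dt0c01.H67ALCXCXK7PWAAOQLENSRET.PRIVATEPART'\
+'&secret-token=verysecret'\
+'&token=123456789'.sanitize_uri).to eq('https://myhost/path/to/file'\
+'?authentication=***'\
+'&cred=***'\
+'&password=***'\
+'&include=java'\
+'&bitness=64'\
+'&Api-Token=dt0c01.H67ALCXCXK7PWAAOQLENSRET.REDACTED'\
+'&secret-token=***'\
+'&token=***')
 end
 
 it 'does not sanatize uri with no credentials in' do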
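Review bot: The new expectation only covers the happy path of the Api-Token redaction, a value with the full three-part `dt…` shape, so there is no assertion for an Api-Token value that contains `dt` but lacks that shape, which is exactly the case where handle_params' gsub leaves the value untouched; add an example with such a value and state explicitly what the sanitized output must be. A second example with the key spelled in another case, such as `api-token`, would pin the current behaviour where the keyword regex matches case-insensitively but the `match[0] == 'Api-Token'` comparison does not, so the value is replaced by `***`. The `it` block is complete within the hunk.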
