Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle Dynatrace API Token in the sanitizer #974

Merged
merged 4 commits into from
Jun 13, 2023
Merged

Handle Dynatrace API Token in the sanitizer #974

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e2be18a
Handle Dynatrace API Token in the sanitizer
rbamberger Oct 3, 2022
10ea15a
Remove sensitive information from URI query parameters
rbamberger Dec 5, 2022
f73c65b
Tests added
rbamberger Jan 23, 2023
b44919f
special handling for token removed
rbamberger Apr 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 33 additions & 1 deletion lib/java_buildpack/util/sanitizer.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,46 @@
# A mixin that adds the ability to turn a +String+ into sanitized uri
class String

# Takes the uri query params and strips out credentials
#
# @return [String] the sanitized query params
def handle_params(params)
keywords = /key
|password
|username
|cred(ential)*(s)*
|password
|token
|api[-_]token
|api
|auth(entication)*
|access[-_]token
|secret[-_]token/ix

query_params = ''

params.each do |key, _|
params[key] = '***' if key.match(keywords)
query_params += key + '=' + params[key] + '&'
end

query_params
end

# Takes a uri and strips out any credentials it may contain.
#
# @return [String] the sanitized uri
def sanitize_uri
rich_uri = URI(self)
rich_uri.user = nil
rich_uri.password = nil

if rich_uri.query
params = (URI.decode_www_form rich_uri.query).to_h
query_params = handle_params(params)
rich_uri.query = query_params.chop
end

rich_uri.to_s
end

end
18 changes: 17 additions & 1 deletion spec/java_buildpack/util/sanitize_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,23 @@
include_context 'with application help'

it 'sanitizes uri with credentials in' do
expect('https://myuser:mypass@myhost/path/to/file'.sanitize_uri).to eq('https://myhost/path/to/file')
expect('https://myuser:mypass@myhost/path/to/file'\
'?authentication=verysecret'\
'&cred=verysecret'\
'&password=verysecret'\
'&include=java'\
'&bitness=64'\
'&Api-Token=dt0c01.H67ALCXCXK7PWAAOQLENSRET.PRIVATEPART'\
'&secret-token=verysecret'\
'&token=123456789'.sanitize_uri).to eq('https://myhost/path/to/file'\
'?authentication=***'\
'&cred=***'\
'&password=***'\
'&include=java'\
'&bitness=64'\
'&Api-Token=***'\
'&secret-token=***'\
'&token=***')
end

it 'does not sanatize uri with no credentials in' do
Expand Down