fix:sanitize log output when exposing sensitive values (#1480)
macmiranda authored Dec 2, 2022
1 parent 8e39e71 commit ed92690
Showing 2 changed files with 8 additions and 4 deletions.
10 changes: 7 additions & 3 deletions cmd/ingress/ingress.go
@@ -129,9 +129,13 @@ the apisix cluster and others are created`,

log.Info("version:\n", version.Long())

data, err := json.MarshalIndent(cfg, "", "\t")
// We should make sure that the cfg that's logged out is sanitized.
cfgCopy := new(config.Config)
*cfgCopy = *cfg
cfgCopy.APISIX.DefaultClusterAdminKey = "******"
data, err := json.MarshalIndent(cfgCopy, "", " ")
if err != nil {
dief("failed to show configuration: %s", string(data))
dief("failed to marshal configuration: %s", err)
}
log.Info("use configuration\n", string(data))

@@ -165,7 +169,7 @@ the apisix cluster and others are created`,
cmd.PersistentFlags().StringVar(&cfg.HTTPListen, "http-listen", ":8080", "the HTTP Server listen address")
cmd.PersistentFlags().StringVar(&cfg.HTTPSListen, "https-listen", ":8443", "the HTTPS Server listen address")
cmd.PersistentFlags().StringVar(&cfg.IngressPublishService, "ingress-publish-service", "",
`the controller will use the Endpoint of this Service to update the status information of the Ingress resource.
`the controller will use the Endpoint of this Service to update the status information of the Ingress resource.
The format is "namespace/svc-name" to solve the situation that the data plane and the controller are not deployed in the same namespace.`)
cmd.PersistentFlags().StringSliceVar(&cfg.IngressStatusAddress, "ingress-status-address", []string{},
`when there is no available information on the Service used for publishing on the data plane,
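Review bot: The redaction at `*cfgCopy = *cfg` is a shallow copy with one hand-picked field masked, so it is only safe while `APISIX` is a struct value; if it (or any field masked this way later) is a pointer, assigning `"******"` would overwrite the live admin key the controller uses, which the visible lines cannot rule out. It also means any secret added to `config.Config` later is logged in clear until someone remembers to extend this block. I would move the masking into the config package (a method that returns a redacted copy, or a secret string type whose JSON marshalling emits the mask) and at minimum add the comment `// shallow copy: mask only value-typed fields here; every new secret in config.Config must be added below`. The enclosing function starts and ends outside the hunk.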
2 changes: 1 addition & 1 deletion cmd/ingress/ingress_test.go
@@ -149,7 +149,7 @@ func TestNewIngressCommandEffectiveLog(t *testing.T) {
assert.Equal(t, true, cfg.EnableProfiling)
assert.Equal(t, "/foo/bar/baz", cfg.Kubernetes.Kubeconfig)
assert.Equal(t, types.TimeDuration{Duration: 24 * time.Hour}, cfg.Kubernetes.ResyncInterval)
assert.Equal(t, "0x123", cfg.APISIX.DefaultClusterAdminKey)
assert.Equal(t, "******", cfg.APISIX.DefaultClusterAdminKey)
assert.Equal(t, "http://apisixgw.default.cluster.local/apisix", cfg.APISIX.DefaultClusterBaseURL)
}

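Review bot: The updated assertion on `cfg.APISIX.DefaultClusterAdminKey` only proves that this one field carries the mask; nothing checks that the fixture secret `0x123` is absent from the rest of the captured output. A negative assertion over the raw log text, for example `assert.NotContains(t, <captured log text>, "0x123")` with the placeholder replaced by whatever the test reads the log into, would catch the key leaking through another field or message. Presumably `cfg` here is decoded from the logged JSON rather than being the live config; a short comment saying so would stop the `"******"` expectation being read as the real key value. The test body starts outside the hunk.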
