[fractal] Remove Matrix API access token before logging
- From: Daniel Garcia Moreno <danigm src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [fractal] Remove Matrix API access token before logging
- Date: Mon, 6 Apr 2020 06:16:53 +0000 (UTC)
commit d6335da1a5e40c2d1b9b5a5ad00b634dfc10fe91
Author: jhaye <jhaye mailbox org>
Date: Sat Mar 28 12:10:36 2020 +0100
Remove Matrix API access token before logging
fractal-gtk/src/app/backend_loop.rs | 82 ++++++++++++++++++++++++++++++++-----
1 file changed, 72 insertions(+), 10 deletions(-)
---
diff --git a/fractal-gtk/src/app/backend_loop.rs b/fractal-gtk/src/app/backend_loop.rs
index ae1a7623..45385047 100644
--- a/fractal-gtk/src/app/backend_loop.rs
+++ b/fractal-gtk/src/app/backend_loop.rs
@@ -1,6 +1,8 @@
use crate::app::App;
use crate::i18n::i18n;
+use lazy_static::lazy_static;
use log::{error, info};
+use regex::Regex;
use crate::actions::{activate_action, AppState};
@@ -194,12 +196,20 @@ pub fn backend_loop(rx: Receiver<BKResponse>) {
// errors
BKResponse::AccountDestruction(Err(err)) => {
let error = i18n("Couldn’t delete the account");
- error!("{:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "{}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
APPOP!(show_error_dialog_in_settings, (error));
}
BKResponse::ChangePassword(Err(err)) => {
let error = i18n("Couldn’t change the password");
- error!("{:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "{}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
APPOP!(show_password_error_dialog, (error));
}
BKResponse::GetThreePID(Err(_)) => {
@@ -212,16 +222,28 @@ pub fn backend_loop(rx: Receiver<BKResponse>) {
}
BKResponse::GetTokenEmail(Err(err)) => {
let error = i18n("Couldn’t add the email address.");
- error!("{:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "{}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
APPOP!(show_error_dialog_in_settings, (error));
}
BKResponse::GetTokenPhone(Err(err)) => {
let error = i18n("Couldn’t add the phone number.");
- error!("{:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "{}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
APPOP!(show_error_dialog_in_settings, (error));
}
BKResponse::NewRoom(Err(err), internal_id) => {
- error!("{:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "{}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
let error = i18n("Can’t create the room, try again");
let state = AppState::NoRoom;
@@ -230,14 +252,23 @@ pub fn backend_loop(rx: Receiver<BKResponse>) {
APPOP!(set_state, (state));
}
BKResponse::JoinRoom(Err(err)) => {
- error!("{:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "{}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
+
let error = format!("{}", i18n("Can’t join the room, try again."));
let state = AppState::NoRoom;
APPOP!(show_error, (error));
APPOP!(set_state, (state));
}
BKResponse::ChangeLanguage(Err(err)) => {
- error!("Error forming url to set room language: {:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "Error forming url to set room language: {}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
}
BKResponse::LoginError(_) => {
let error = i18n("Can’t login, try again");
@@ -247,7 +278,11 @@ pub fn backend_loop(rx: Receiver<BKResponse>) {
APPOP!(set_state, (st));
}
BKResponse::AttachedFile(Err(err)) => {
- error!("attaching {:?}: retrying send", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "attaching {}: retrying send",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
APPOP!(retry_send);
}
BKResponse::SentMsg(Err(err)) => match err {
@@ -270,13 +305,40 @@ pub fn backend_loop(rx: Receiver<BKResponse>) {
APPOP!(show_error, (error));
}
BKResponse::Sync(Err(err)) => {
- error!("SYNC Error: {:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "SYNC Error: {}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
APPOP!(sync_error);
}
err => {
- error!("Query error: {:?}", err);
+ let err_str = format!("{:?}", err);
+ error!(
+ "Query error: {}",
+ remove_matrix_access_token_if_present(&err_str).unwrap_or(err_str)
+ );
}
};
}
});
}
+
+/// This function removes the value of the `access_token` query from a URL used for accessing the Matrix API.
+/// The primary use case is the removing of sensitive information for logging.
+/// Specifically, the URL is expected to be contained within quotes and the token is replaced with
`<redacted>`.
+/// Returns `Some` on removal, otherwise `None`.
+fn remove_matrix_access_token_if_present(message: &str) -> Option<String> {
+ lazy_static! {
+ static ref RE: Regex =
+ Regex::new(r#""((http)|(https))://([^"]+)/_matrix/([^"]+)\?access_token=(?P<token>[^&"]+)([^"]*)""#,)
+ .expect("Malformed regular expression.");
+ }
+ // If the supplied string doesn't contain a match for the regex, we return `None`.
+ let cap = RE.captures(message)?;
+ let captured_token = cap
+ .name("token")
+ .expect("'token' capture group not present.")
+ .as_str();
+ Some(message.replace(captured_token, "<redacted>"))
+}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
