Add support for filtering params during logging

hoisie · hoisie · commit 790006530239 · 2016-08-10T23:02:16.000-07:00
Certain sensitive parameters (e.g passwords) should never be logged.
Add support for a `FilterParams` config option that contains a list of
regular expression strings to be filtered. When a request is made
containing a param with a sensitive name, the value is replaced with the
string `[filtered]`.
diff --git a/server.go b/server.go
@@ -28,11 +28,13 @@ type ServerConfig struct {
 	RecoverPanic bool
 	Profiler     bool
 	ColorOutput  bool
+	FilterParams []string
 }
 
 var defaultConfig = ServerConfig{
 	RecoverPanic: true,
 	ColorOutput:  true,
+	FilterParams: []string{"^password$", "^password_confirm.*$"},
 }
 
 // Server represents a web.go server.
@@ -42,9 +44,10 @@ type Server struct {
 	Logger *log.Logger
 	Env    map[string]interface{}
 	//save the listener so it can be closed
-	l       net.Listener
-	encKey  []byte
-	signKey []byte
+	l            net.Listener
+	encKey       []byte
+	signKey      []byte
+	filterParams []*regexp.Regexp
 }
 
 func NewServer() *Server {
@@ -70,6 +73,11 @@ func (s *Server) initServer() {
 		s.encKey = genKey(s.Config.CookieSecret, "encryption key salt")
 		s.signKey = genKey(s.Config.CookieSecret, "signature key salt")
 	}
+
+	s.filterParams = make([]*regexp.Regexp, len(s.Config.FilterParams))
+	for i, f := range s.Config.FilterParams {
+		s.filterParams[i] = regexp.MustCompile(f)
+	}
 }
 
 type route struct {
@@ -300,27 +308,53 @@ func (s *Server) logRequest(ctx Context, sTime time.Time) {
 
 	var logEntry bytes.Buffer
 	logEntry.WriteString(client)
-	logEntry.WriteString(" - " + s.ttyGreen(req.Method+" "+requestPath))
+	logEntry.WriteString(" - " + s.ttyGreen() + req.Method + " " + requestPath + s.ttyReset())
 	logEntry.WriteString(" - " + duration.String())
 	if len(ctx.Params) > 0 {
-		logEntry.WriteString(" - " + s.ttyWhite(fmt.Sprintf("Params: %v\n", ctx.Params)))
+		s.logParams(&logEntry, ctx.Params)
 	}
 	ctx.Server.Logger.Print(logEntry.String())
 }
 
-func (s *Server) ttyGreen(msg string) string {
-	return s.ttyColor(msg, ttyCodes.green)
+func (s *Server) logParams(logEntry *bytes.Buffer, params map[string]string) {
+	logEntry.WriteString(" - ")
+	logEntry.WriteString(s.ttyWhite())
+	logEntry.WriteString("Params: {")
+	i := 0
+	for k, v := range params {
+		out := v
+		for _, r := range s.filterParams {
+			if r.MatchString(k) {
+				out = "[filtered]"
+			}
+		}
+		fmt.Fprintf(logEntry, "%q: %q", k, out)
+		i += 1
+		if i < len(params) {
+			logEntry.WriteString(", ")
+		}
+	}
+	logEntry.WriteString("}")
+	logEntry.WriteString(s.ttyReset())
+}
+
+func (s *Server) ttyGreen() string {
+	return s.ttyColor(ttyCodes.green)
+}
+
+func (s *Server) ttyWhite() string {
+	return s.ttyColor(ttyCodes.white)
 }
 
-func (s *Server) ttyWhite(msg string) string {
-	return s.ttyColor(msg, ttyCodes.white)
+func (s *Server) ttyReset() string {
+	return s.ttyColor(ttyCodes.reset)
 }
 
-func (s *Server) ttyColor(msg string, colorCode string) string {
+func (s *Server) ttyColor(code string) string {
 	if s.Config.ColorOutput {
-		return colorCode + msg + ttyCodes.reset
+		return code
 	} else {
-		return msg
+		return ""
 	}
 }
 
diff --git a/web_test.go b/web_test.go
@@ -597,6 +597,26 @@ func TestNoColorOutput(t *testing.T) {
 	}
 }
 
+// test that output contains ASCII color codes by default
+func TestFilterParams(t *testing.T) {
+	s := NewServer()
+	var logOutput bytes.Buffer
+	logger := log.New(&logOutput, "", 0)
+	s.Logger = logger
+	s.initServer()
+	s.Post("/test", func() string {
+		return "test"
+	})
+	req := buildTestRequest("POST", "/test", "password=12345&password_confirm=12345", map[string][]string{"Content-Type": {"application/x-www-form-urlencoded"}}, nil)
+	var buf bytes.Buffer
+	iob := ioBuffer{input: nil, output: &buf}
+	c := scgiConn{wroteHeaders: false, req: req, headers: make(map[string][]string), fd: &iob}
+	s.Process(&c, req)
+	if strings.Contains(logOutput.String(), "12345") {
+		t.Fatalf("Params are not being filtered")
+	}
+}
+
 // a malformed SCGI request should be discarded and not cause a panic
 func TestMaformedScgiRequest(t *testing.T) {
 	var headerBuf bytes.Buffer
