forked from TrueCloudLab/frostfs-s3-gw
[#489] Sanitize log records that may contain user input
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin
Kira
parent
2ca4dbb190
commit
12d9eb62cb
5 changed files with 22 additions and 9 deletions
|
|
@ -10,15 +10,16 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/internal/misc"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
func (h *handler) logAndSendError(w http.ResponseWriter, logText string, reqInfo *api.ReqInfo, err error, additional ...zap.Field) {
|
||||
fields := []zap.Field{zap.String("request_id", reqInfo.RequestID),
|
||||
zap.String("method", reqInfo.API),
|
||||
zap.String("bucket_name", reqInfo.BucketName),
|
||||
zap.String("object_name", reqInfo.ObjectName),
|
||||
fields := []zap.Field{zap.String("request_id", misc.SanitizeString(reqInfo.RequestID)),
|
||||
zap.String("method", misc.SanitizeString(reqInfo.API)),
|
||||
zap.String("bucket_name", misc.SanitizeString(reqInfo.BucketName)),
|
||||
zap.String("object_name", misc.SanitizeString(reqInfo.ObjectName)),
|
||||
zap.Error(err)}
|
||||
fields = append(fields, additional...)
|
||||
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/internal/misc"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/object"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/user"
|
||||
"go.uber.org/zap"
|
||||
|
|
@ -256,7 +257,7 @@ func (n *layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipar
|
|||
if _, ok := objects[0]; !ok {
|
||||
n.log.Error("could not get init multipart upload",
|
||||
zap.Stringer("bucket id", p.Info.Bkt.CID),
|
||||
zap.String("uploadID", p.Info.UploadID),
|
||||
zap.String("uploadID", misc.SanitizeString(p.Info.UploadID)),
|
||||
zap.String("uploadKey", p.Info.Key),
|
||||
)
|
||||
// we return InternalError because if we are here it means we've checked InitPart in handler before and
|
||||
|
|
@ -316,7 +317,7 @@ func (n *layer) CompleteMultipartUpload(ctx context.Context, p *CompleteMultipar
|
|||
})
|
||||
if err != nil {
|
||||
n.log.Error("could not put a completed object (multipart upload)",
|
||||
zap.String("uploadID", p.Info.UploadID),
|
||||
zap.String("uploadID", misc.SanitizeString(p.Info.UploadID)),
|
||||
zap.String("uploadKey", p.Info.Key),
|
||||
zap.Error(err))
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
apiErrors "github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/layer/neofs"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/internal/misc"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/object"
|
||||
|
|
@ -206,7 +207,7 @@ func (n *layer) PutObject(ctx context.Context, p *PutObjectParams) (*data.Object
|
|||
if err != nil {
|
||||
n.log.Warn("couldn't get creation epoch",
|
||||
zap.String("bucket", p.BktInfo.Name),
|
||||
zap.String("object", p.Object),
|
||||
zap.String("object", misc.SanitizeString(p.Object)),
|
||||
zap.Error(err))
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import (
|
|||
"github.com/nspcc-dev/neofs-s3-gw/api/data"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/errors"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/api/layer/neofs"
|
||||
"github.com/nspcc-dev/neofs-s3-gw/internal/misc"
|
||||
"github.com/nspcc-dev/neofs-sdk-go/object"
|
||||
oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
||||
"go.uber.org/zap"
|
||||
|
|
@ -127,7 +128,7 @@ func (n *layer) putSystemObjectIntoNeoFS(ctx context.Context, p *PutSystemObject
|
|||
if err != nil {
|
||||
n.log.Warn("couldn't get creation epoch",
|
||||
zap.String("bucket", p.BktInfo.Name),
|
||||
zap.String("object", p.ObjName),
|
||||
zap.String("object", misc.SanitizeString(p.ObjName)),
|
||||
zap.Error(err))
|
||||
}
|
||||
|
||||
|
|
@ -135,7 +136,7 @@ func (n *layer) putSystemObjectIntoNeoFS(ctx context.Context, p *PutSystemObject
|
|||
if err = n.objectDelete(ctx, p.BktInfo.CID, id); err != nil {
|
||||
n.log.Warn("couldn't delete system object",
|
||||
zap.Stringer("version id", id),
|
||||
zap.String("name", p.ObjName),
|
||||
zap.String("name", misc.SanitizeString(p.ObjName)),
|
||||
zap.Error(err))
|
||||
}
|
||||
}
|
||||
|
|
|
|||
9
internal/misc/sanitizer.go
Normal file
9
internal/misc/sanitizer.go
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
package misc
|
||||
|
||||
import "strings"
|
||||
|
||||
// SanitizeString sanitizes string before using it in logs. Required
|
||||
// for data from the user input: request body, headers, etc.
|
||||
func SanitizeString(s string) string {
|
||||
return strings.Replace(s, "\n", "", -1)
|
||||
}
|
||||
Loading…
Reference in a new issue