From 6b60f36bf9a149339927811bca0d1c03211897a0 Mon Sep 17 00:00:00 2001 From: Integralist Date: Mon, 16 May 2022 17:04:35 +0100 Subject: [PATCH 1/4] fix goreleaser reported AppVersion --- .goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 20739aeee..67c70c36d 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -12,7 +12,7 @@ builds: - <<: &build_defaults main: ./cmd/fastly ldflags: - - -s -w -X "github.com/fastly/cli/pkg/revision.AppVersion={{ .Version }}" + - -s -w -X "github.com/fastly/cli/pkg/revision.AppVersion=v{{ .Version }}" - -X "github.com/fastly/cli/pkg/revision.GitCommit={{ .ShortCommit }}" - -X "github.com/fastly/cli/pkg/revision.GoVersion={{ .Env.GOVERSION }}" - -X "github.com/fastly/cli/pkg/revision.Environment=release" From 53b1b4fc699fa8efb192f1fd2743a9b5b1e21f06 Mon Sep 17 00:00:00 2001 From: Integralist Date: Mon, 16 May 2022 17:55:54 +0100 Subject: [PATCH 2/4] filter token data --- pkg/errors/log.go | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/pkg/errors/log.go b/pkg/errors/log.go index fbfe6d639..7be3f75c2 100644 --- a/pkg/errors/log.go +++ b/pkg/errors/log.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "path/filepath" + "regexp" "runtime" "strings" "sync" @@ -82,7 +83,7 @@ func (l LogEntries) Persist(logPath string, args []string) error { // // Disabling as the input is determined from our own package. /* #nosec */ - f, err := os.OpenFile(logPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600) + f, err := os.OpenFile(logPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600) if err != nil { return fmt.Errorf(errMsg, err) } @@ -141,11 +142,27 @@ ERROR: return nil } +var ( + // TokenRegEx matches a Token as part of the error output (https://regex101.com/r/ulIw1m/1) + TokenRegEx = regexp.MustCompile(`Token ([\w-]+)`) + // TokenFlagRegEx matches the token flag (https://regex101.com/r/rTZoFJ/1) + TokenFlagRegEx = regexp.MustCompile(`(-t|--token)(\s|=)([\w-]+)`) +) + +// filterToken replaces any matched patterns with "REDACTED". +// +// EXAMPLE: https://go.dev/play/p/OZ0gYKGsPur +func filterToken(input string) (inputFiltered string) { + inputFiltered = TokenRegEx.ReplaceAllString(input, "Token REDACTED") + inputFiltered = TokenFlagRegEx.ReplaceAllString(inputFiltered, "${1}${2}REDACTED") + return inputFiltered +} + // instrument reports errors to our error analysis platform. func instrument(l LogEntries, cmd string) { sentry.AddBreadcrumb(&sentry.Breadcrumb{ Category: "input", - Message: cmd, + Message: filterToken(cmd), Type: "info", }) for _, entry := range l { @@ -162,7 +179,7 @@ func instrument(l LogEntries, cmd string) { // https://docs.sentry.io/product/issues/issue-details/breadcrumbs/ b := sentry.Breadcrumb{ Data: entry.Context, - Message: fmt.Sprintf("%s (file: %s, line: %d)", entry.Err, file, line), + Message: fmt.Sprintf("%s (file: %s, line: %d)", filterToken(entry.Err.Error()), file, line), Timestamp: entry.Time, Type: "error", } From 53fc27059a7157bcf2af45d6e4546cda693c70e6 Mon Sep 17 00:00:00 2001 From: Integralist Date: Tue, 17 May 2022 11:43:28 +0100 Subject: [PATCH 3/4] use sentry hooks --- cmd/fastly/main.go | 8 ++++++++ pkg/errors/log.go | 16 ++++++++-------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/cmd/fastly/main.go b/cmd/fastly/main.go index fd8764238..2683483a1 100644 --- a/cmd/fastly/main.go +++ b/cmd/fastly/main.go @@ -39,6 +39,14 @@ func main() { `error matching service name with available services`, `open fastly.toml: no such file or directory`, }, + BeforeSend: func(event *sentry.Event, _ *sentry.EventHint) *sentry.Event { + event.Exception[0].Value = fsterr.FilterToken(event.Exception[0].Value) + return event + }, + BeforeBreadcrumb: func(breadcrumb *sentry.Breadcrumb, _ *sentry.BreadcrumbHint) *sentry.Breadcrumb { + breadcrumb.Message = fsterr.FilterToken(breadcrumb.Message) + return breadcrumb + }, }) if err != nil { log.Fatal(err) diff --git a/pkg/errors/log.go b/pkg/errors/log.go index 7be3f75c2..2fc1e10e2 100644 --- a/pkg/errors/log.go +++ b/pkg/errors/log.go @@ -145,16 +145,16 @@ ERROR: var ( // TokenRegEx matches a Token as part of the error output (https://regex101.com/r/ulIw1m/1) TokenRegEx = regexp.MustCompile(`Token ([\w-]+)`) - // TokenFlagRegEx matches the token flag (https://regex101.com/r/rTZoFJ/1) - TokenFlagRegEx = regexp.MustCompile(`(-t|--token)(\s|=)([\w-]+)`) + // TokenFlagRegEx matches the token flag (https://regex101.com/r/YNr78Q/1) + TokenFlagRegEx = regexp.MustCompile(`(-t|--token)(\s*=?\s*['"]?)([\w-]+)(['"]?)`) ) -// filterToken replaces any matched patterns with "REDACTED". +// FilterToken replaces any matched patterns with "REDACTED". // -// EXAMPLE: https://go.dev/play/p/OZ0gYKGsPur -func filterToken(input string) (inputFiltered string) { +// EXAMPLE: https://go.dev/play/p/cT4BwIh9Asa +func FilterToken(input string) (inputFiltered string) { inputFiltered = TokenRegEx.ReplaceAllString(input, "Token REDACTED") - inputFiltered = TokenFlagRegEx.ReplaceAllString(inputFiltered, "${1}${2}REDACTED") + inputFiltered = TokenFlagRegEx.ReplaceAllString(inputFiltered, "${1}${2}REDACTED${4}") return inputFiltered } @@ -162,7 +162,7 @@ func filterToken(input string) (inputFiltered string) { func instrument(l LogEntries, cmd string) { sentry.AddBreadcrumb(&sentry.Breadcrumb{ Category: "input", - Message: filterToken(cmd), + Message: cmd, Type: "info", }) for _, entry := range l { @@ -179,7 +179,7 @@ func instrument(l LogEntries, cmd string) { // https://docs.sentry.io/product/issues/issue-details/breadcrumbs/ b := sentry.Breadcrumb{ Data: entry.Context, - Message: fmt.Sprintf("%s (file: %s, line: %d)", filterToken(entry.Err.Error()), file, line), + Message: fmt.Sprintf("%s (file: %s, line: %d)", entry.Err.Error(), file, line), Timestamp: entry.Time, Type: "error", } From 36751790e999cb53994cd5512d0f222ba4429cbc Mon Sep 17 00:00:00 2001 From: Integralist Date: Tue, 17 May 2022 11:47:16 +0100 Subject: [PATCH 4/4] ensure all exceptions are checked --- cmd/fastly/main.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/fastly/main.go b/cmd/fastly/main.go index 2683483a1..34809a14d 100644 --- a/cmd/fastly/main.go +++ b/cmd/fastly/main.go @@ -40,7 +40,9 @@ func main() { `open fastly.toml: no such file or directory`, }, BeforeSend: func(event *sentry.Event, _ *sentry.EventHint) *sentry.Event { - event.Exception[0].Value = fsterr.FilterToken(event.Exception[0].Value) + for i, e := range event.Exception { + event.Exception[i].Value = fsterr.FilterToken(e.Value) + } return event }, BeforeBreadcrumb: func(breadcrumb *sentry.Breadcrumb, _ *sentry.BreadcrumbHint) *sentry.Breadcrumb {