Merge pull request #361 from fluxcd/gitlab-status

Return err on invalid UTF-8 character in token
fluxcd · Apr 19, 2022 · d2e3670 · d2e3670
2 parents cd7ad15 + b30e245
commit d2e3670
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 5 deletions.
diff --git a/internal/server/event_handlers.go b/internal/server/event_handlers.go
@@ -29,6 +29,7 @@ import (
 	"time"
 
 	"github.com/fluxcd/pkg/runtime/conditions"
+	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -264,7 +265,7 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request)
 
 			go func(n notifier.Interface, e events.Event) {
 				if err := n.Post(e); err != nil {
-					err = redactTokenFromError(err, token)
+					err = redactTokenFromError(err, token, s.logger)
 
 					s.logger.Error(err, "failed to send notification",
 						"reconciler kind", event.InvolvedObject.Kind,
@@ -318,12 +319,17 @@ func (s *EventServer) eventMatchesAlert(ctx context.Context, event *events.Event
 	return false
 }
 
-func redactTokenFromError(err error, token string) error {
+func redactTokenFromError(err error, token string, log logr.Logger) error {
 	if token == "" {
 		return err
 	}
 
-	re := regexp.MustCompile(fmt.Sprintf("%s*", token))
+	re, compileErr := regexp.Compile(fmt.Sprintf("%s*", token))
+	if compileErr != nil {
+		newErrStr := fmt.Sprintf("error redacting token from error message: %s", compileErr)
+		return errors.New(newErrStr)
+	}
+
 	redacted := re.ReplaceAllString(err.Error(), "*****")
 
 	return errors.New(redacted)

diff --git a/internal/server/event_handlers_test.go b/internal/server/event_handlers_test.go
@@ -2,7 +2,10 @@ package server
 
 import (
 	"errors"
+	"strings"
 	"testing"
+
+	"github.com/fluxcd/pkg/runtime/logger"
 )
 
 func TestRedactTokenFromError(t *testing.T) {
@@ -42,17 +45,31 @@ func TestRedactTokenFromError(t *testing.T) {
 			originalErrStr: `Cannot post to github with token metoo8h0387hdyehbwwa45\\n`,
 			expectedErrStr: `Cannot post to github with token metoo*****\\n`,
 		},
+		{
+			name:           "extra text in front token",
+			token:          "8h0387hdyehbwwa45踙",
+			originalErrStr: `Cannot post to github with token metoo8h0387hdyehbwwa45踙\\n`,
+			expectedErrStr: `Cannot post to github with token metoo*****\\n`,
+		},
+		{
+			name:           "return error on invalid UTF-8 string",
+			token:          "\x18\xd0\xfa\xab\xb2\x93\xbb;\xc0l\xf4\xdc",
+			originalErrStr: `Cannot post to github with token \x18\xd0\xfa\xab\xb2\x93\xbb;\xc0l\xf4\xdc\\n`,
+			expectedErrStr: `error redacting token from error message`,
+		},
 	}
 
 	for _, tt := range tests {
-		err := redactTokenFromError(errors.New(tt.originalErrStr), tt.token)
+		log := logger.NewLogger(logger.Options{})
+		err := redactTokenFromError(errors.New(tt.originalErrStr), tt.token, log)
 		if err == nil {
 			t.Fatalf("error shouldn't be nil")
 		}
 
-		if err.Error() != tt.expectedErrStr {
+		if !strings.Contains(err.Error(), tt.expectedErrStr) {
 			t.Errorf("expected error string '%s' but got '%s'",
 				tt.expectedErrStr, err)
 		}
 	}
+
 }