From 3983b966b2793296378f2de1643305a9ab96e71c Mon Sep 17 00:00:00 2001 From: bdular Date: Tue, 26 Nov 2024 23:14:45 +0100 Subject: [PATCH 1/2] Added function and tests to redact password from URL --- .../connectionmanager/connection_manager.go | 10 ++++- .../connection_manager_test.go | 40 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 internal/connectionmanager/connection_manager_test.go diff --git a/internal/connectionmanager/connection_manager.go b/internal/connectionmanager/connection_manager.go index 8e659ea..c8eaed7 100644 --- a/internal/connectionmanager/connection_manager.go +++ b/internal/connectionmanager/connection_manager.go @@ -3,6 +3,7 @@ package connectionmanager import ( "errors" "fmt" + "net/url" "sync" "time" @@ -42,12 +43,19 @@ func dial(log logger.Logger, resolver Resolver, conf amqp.Config) (*amqp.Connect if err == nil { return conn, err } - log.Warnf("failed to connect to amqp server %s: %v", url, err) + + // Log masked url + log.Warnf("failed to connect to amqp server %s: %v", maskPassword(url), err) errs = append(errs, err) } return nil, errors.Join(errs...) } +func maskPassword(urlToMask string) string { + parsedUrl, _ := url.Parse(urlToMask) + return parsedUrl.Redacted() +} + // NewConnectionManager creates a new connection manager func NewConnectionManager(resolver Resolver, conf amqp.Config, log logger.Logger, reconnectInterval time.Duration) (*ConnectionManager, error) { conn, err := dial(log, resolver, amqp.Config(conf)) diff --git a/internal/connectionmanager/connection_manager_test.go b/internal/connectionmanager/connection_manager_test.go new file mode 100644 index 0000000..61a48a7 --- /dev/null +++ b/internal/connectionmanager/connection_manager_test.go @@ -0,0 +1,40 @@ +package connectionmanager + +import "testing" + +func Test_maskUrl(t *testing.T) { + tests := []struct { + name string + url string + expected string + }{ + { + name: "No username or password", + url: "amqp://localhost", + expected: "amqp://localhost", + }, + { + name: "With username and password", + url: "amqp://user:password@localhost", + expected: "amqp://user:xxxxx@localhost", + }, + { + name: "With username and password and query params", + url: "amqp://user:password@localhost?heartbeat=60", + expected: "amqp://user:xxxxx@localhost?heartbeat=60", + }, + { + name: "Invalid URL", + url: "invalidUrl", + expected: "invalidUrl", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if maskPassword(tt.url) != tt.expected { + t.Errorf("masked password = %v, but wanted %v", maskPassword(tt.url), tt.expected) + } + }) + } +} From c9fe7d9aa0398981e592ad9f6cb5b14330a62753 Mon Sep 17 00:00:00 2001 From: bdular Date: Wed, 27 Nov 2024 00:08:10 +0100 Subject: [PATCH 2/2] Removed comment --- internal/connectionmanager/connection_manager.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/internal/connectionmanager/connection_manager.go b/internal/connectionmanager/connection_manager.go index c8eaed7..1967c46 100644 --- a/internal/connectionmanager/connection_manager.go +++ b/internal/connectionmanager/connection_manager.go @@ -43,8 +43,6 @@ func dial(log logger.Logger, resolver Resolver, conf amqp.Config) (*amqp.Connect if err == nil { return conn, err } - - // Log masked url log.Warnf("failed to connect to amqp server %s: %v", maskPassword(url), err) errs = append(errs, err) }