diff --git a/mask/sanitize.go b/mask/sanitize.go new file mode 100644 index 0000000000000000000000000000000000000000..0ba4acba0f387138a414c5590ff984c8bd234e5a --- /dev/null +++ b/mask/sanitize.go @@ -0,0 +1,34 @@ +package mask + +import "bytes" + +// Sanitize will mask the sensitive components in a string with `[FILTERED]`. +// This list should maintain parity with the list in +// GitLab-CE, maintained at https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/application.rb. +func Sanitize(s string) string { + redactionBytes := []byte(RedactionString) + buf := bytes.NewBuffer(make([]byte, 0, len(s))) + + for i, queryPart := range bytes.Split([]byte(s), []byte("&")) { + if i != 0 { + buf.WriteByte('&') + } + + splitParam := bytes.SplitN(queryPart, []byte("="), 2) + + if len(splitParam) == 2 { + buf.Write(splitParam[0]) + buf.WriteByte('=') + + if parameterMatcher.Match(splitParam[0]) { + buf.Write(redactionBytes) + } else { + buf.Write(splitParam[1]) + } + } else { + buf.Write(queryPart) + } + } + + return buf.String() +} diff --git a/mask/url.go b/mask/url.go index 652e07cda581d4848c74acdc64af048a476fb837..d520792b37c956d35209449e79928b4009df303d 100644 --- a/mask/url.go +++ b/mask/url.go @@ -1,7 +1,6 @@ package mask import ( - "bytes" "net/url" ) @@ -15,29 +14,8 @@ func URL(originalURL string) string { return "" } - redactionBytes := []byte(RedactionString) - buf := bytes.NewBuffer(make([]byte, 0, len(originalURL))) + sanitized := Sanitize(u.RawQuery) - for i, queryPart := range bytes.Split([]byte(u.RawQuery), []byte("&")) { - if i != 0 { - buf.WriteByte('&') - } - - splitParam := bytes.SplitN(queryPart, []byte("="), 2) - - if len(splitParam) == 2 { - buf.Write(splitParam[0]) - buf.WriteByte('=') - - if parameterMatcher.Match(splitParam[0]) { - buf.Write(redactionBytes) - } else { - buf.Write(splitParam[1]) - } - } else { - buf.Write(queryPart) - } - } - u.RawQuery = buf.String() + u.RawQuery = sanitized return u.String() }