Hide passwords in error logs (#205)

* Hide postgres login:password string in error log * Hide login:password string in error log of mysql, rabbitmq and redis * Go format code * Improve regular expressions to hide passwords
atkrad · Jan 23, 2024 · 165dd26 · 165dd26
1 parent 7ed908e
commit 165dd26
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/checker/mysql/mysql.go b/checker/mysql/mysql.go
@@ -22,8 +22,11 @@ import (
 	"wait4x.dev/v2/checker"
 	// Needed for the MySQL driver
 	_ "github.com/go-sql-driver/mysql"
+	"regexp"
 )
 
+var hidePasswordRegexp = regexp.MustCompile(`^([^:]+):[^:@]+@`)
+
 // MySQL represents MySQL checker
 type MySQL struct {
 	dsn string
@@ -66,7 +69,7 @@ func (m *MySQL) Check(ctx context.Context) (err error) {
 		if checker.IsConnectionRefused(err) {
 			return checker.NewExpectedError(
 				"failed to establish a connection to the mysql server", err,
-				"dsn", m.dsn,
+				"dsn", hidePasswordRegexp.ReplaceAllString(m.dsn, `$1:***@`),
 			)
 		}
 

diff --git a/checker/postgresql/postgresql.go b/checker/postgresql/postgresql.go
@@ -22,8 +22,11 @@ import (
 	"wait4x.dev/v2/checker"
 	// Needed for the PostgreSQL driver
 	_ "github.com/lib/pq"
+	"regexp"
 )
 
+var hidePasswordRegexp = regexp.MustCompile(`^(postgres://[^/:]+):[^:@]+@`)
+
 // PostgreSQL represents PostgreSQL checker
 type PostgreSQL struct {
 	dsn string
@@ -66,7 +69,7 @@ func (p *PostgreSQL) Check(ctx context.Context) (err error) {
 		if checker.IsConnectionRefused(err) {
 			return checker.NewExpectedError(
 				"failed to establish a connection to the postgresql server", err,
-				"dsn", p.dsn,
+				"dsn", hidePasswordRegexp.ReplaceAllString(p.dsn, `$1:***@`),
 			)
 		}
 

diff --git a/checker/rabbitmq/rabbitmq.go b/checker/rabbitmq/rabbitmq.go
@@ -20,10 +20,13 @@ import (
 	"fmt"
 	"github.com/streadway/amqp"
 	"net"
+	"regexp"
 	"time"
 	"wait4x.dev/v2/checker"
 )
 
+var hidePasswordRegexp = regexp.MustCompile(`(amqp://[^/:]+):[^:@]+@`)
+
 // Option configures a RabbitMQ.
 type Option func(r *RabbitMQ)
 
@@ -118,7 +121,7 @@ func (r *RabbitMQ) Check(ctx context.Context) (err error) {
 		if checker.IsConnectionRefused(err) {
 			return checker.NewExpectedError(
 				"failed to establish a connection to the rabbitmq server", err,
-				"dsn", r.dsn,
+				"dsn", hidePasswordRegexp.ReplaceAllString(r.dsn, `$1:***@`),
 			)
 		}
 

diff --git a/checker/redis/redis.go b/checker/redis/redis.go
@@ -24,6 +24,8 @@ import (
 	"wait4x.dev/v2/checker"
 )
 
+var hidePasswordRegexp = regexp.MustCompile(`([^/]+//[^/:]+):[^:@]+@`)
+
 // Option configures a Redis.
 type Option func(r *Redis)
 
@@ -94,7 +96,7 @@ func (r *Redis) Check(ctx context.Context) error {
 		if checker.IsConnectionRefused(err) {
 			return checker.NewExpectedError(
 				"failed to establish a connection to the redis server", err,
-				"dsn", r.address,
+				"dsn", hidePasswordRegexp.ReplaceAllString(r.address, `$1:***@`),
 			)
 		}