forked from getsentry/raven-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathprocessors.go
102 lines (85 loc) · 2.16 KB
/
processors.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package raven
import (
"net/url"
"regexp"
"strings"
)
const Mask = "********"
var querySecretKeys = []string{"api_key", "apikey", "authorization", "passwd", "password", "secret"}
var querySecretValues = []string{`/^(?:\d[ -]*?){13,16}$/`}
// Scrub all data for a packet
func (client *Client) Scrub(packet *Packet) *Packet {
packet = defaultProcessor(packet)
for _, processor := range *client.Config.Processors {
packet = processor(packet)
}
return packet
}
// Default processor for a packet
func defaultProcessor(packet *Packet) *Packet {
for _, packetInterface := range packet.Interfaces {
switch typedInterface := packetInterface.(type) {
case *Http:
scrubStringMap(typedInterface.Headers)
default:
continue
}
}
return packet
}
// Scrubs map of string -> string
func scrubStringMap(stringMap map[string]string) map[string]string {
// Loops through the map and scrubs and sensitive data
for key, val := range stringMap {
stringMap[key] = scrubKeyValuePair(key, val)
}
return stringMap
}
// Check key/value pair for sensitive data
func scrubKeyValuePair(key, val string) string {
if keyIsSensitive(key) {
return Mask
}
if valIsSensitive(val) {
return Mask
}
return val
}
// Check keys for sensitive data, matches list of substrings
func keyIsSensitive(key string) (sensitive bool) {
for _, secretKey := range querySecretKeys {
// Make lower for case insensitive compare
key = strings.ToLower(key)
if strings.Contains(key, secretKey) {
return true
}
}
return false
}
// Check values for sensitive data, matches regex list
func valIsSensitive(val string) (sensitive bool) {
for _, regex := range querySecretValues {
// Note: This will panic if querySecretValues has a bad regex
regexMatcher := regexp.MustCompile(regex)
if regexMatcher.MatchString(val) {
return true
}
}
return false
}
// Sanitize the query before sending it
func scrubQuery(query url.Values) url.Values {
for key, values := range query {
for index, val := range values {
// Check key
if keyIsSensitive(key) {
query[key] = []string{Mask}
}
// Check value
if valIsSensitive(val) {
query[key][index] = Mask
}
}
}
return query
}