Skip to content

Commit c355711

Browse files
sfc-gh-ext-simba-jlsfc-gh-ext-simba-jl
authored
SNOW-1260011: mask password in the logs (#1116)
The logger will now masked all secrets in the logs.
1 parent 5570db2 commit c355711

File tree

2 files changed

+32
-3
lines changed

2 files changed

+32
-3
lines changed

log.go

+15-3
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,14 @@ package gosnowflake
55
import (
66
"context"
77
"fmt"
8-
rlog "github.com/sirupsen/logrus"
98
"io"
109
"os"
1110
"path"
1211
"runtime"
1312
"strings"
1413
"time"
14+
15+
rlog "github.com/sirupsen/logrus"
1516
)
1617

1718
// SFSessionIDKey is context key of session id
@@ -61,6 +62,16 @@ type defaultLogger struct {
6162
file *os.File
6263
}
6364

65+
type sfTextFormatter struct {
66+
rlog.TextFormatter
67+
}
68+
69+
func (f *sfTextFormatter) Format(entry *rlog.Entry) ([]byte, error) {
70+
// mask all secrets before calling the default Format method
71+
entry.Message = maskSecrets(entry.Message)
72+
return f.TextFormatter.Format(entry)
73+
}
74+
6475
// SetLogLevel set logging level for calling defaultLogger
6576
func (log *defaultLogger) SetLogLevel(level string) error {
6677
newEnabled := strings.ToUpper(level) != "OFF"
@@ -116,9 +127,10 @@ func (log *defaultLogger) WithContext(ctx context.Context) *rlog.Entry {
116127
// CreateDefaultLogger return a new instance of SFLogger with default config
117128
func CreateDefaultLogger() SFLogger {
118129
var rLogger = rlog.New()
119-
var formatter = rlog.TextFormatter{CallerPrettyfier: SFCallerPrettyfier}
130+
var formatter = new(sfTextFormatter)
131+
formatter.CallerPrettyfier = SFCallerPrettyfier
132+
rLogger.SetFormatter(formatter)
120133
rLogger.SetReportCaller(true)
121-
rLogger.SetFormatter(&formatter)
122134
var ret = defaultLogger{inner: rLogger, enabled: true}
123135
return &ret //(&ret).(*SFLogger)
124136
}

log_test.go

+17
Original file line numberDiff line numberDiff line change
@@ -323,3 +323,20 @@ func TestLogKeysWithRegisterContextVariableToLog(t *testing.T) {
323323
t.Fatalf("expected that REQUEST_ID would be in logs if logger.WithContext and RegisterContextVariableToLog was used, but got: %v", strbuf)
324324
}
325325
}
326+
327+
func TestLogMaskSecrets(t *testing.T) {
328+
logger := CreateDefaultLogger()
329+
buf := &bytes.Buffer{}
330+
logger.SetOutput(buf)
331+
332+
ctx := context.Background()
333+
query := "create user testuser password='testpassword'"
334+
logger.WithContext(ctx).Infof("Query: %#v", query)
335+
336+
// verify output
337+
expected := "create user testuser password='****"
338+
var strbuf = buf.String()
339+
if !strings.Contains(strbuf, expected) {
340+
t.Fatalf("expected that password would be masked. WithContext was used, but got: %v", strbuf)
341+
}
342+
}

0 commit comments

Comments
 (0)