DebugRequestMiddleware: Remove path handling

thaJeztah · Tibor Vass · commit f8a0f26843bc · 2019-07-09T21:42:12.000Z
Path-specific rules were removed, so this is no longer used.

Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
(cherry picked from commit 530e63c1a61b105a6f7fc143c5acb9b5cd87f958)
Signed-off-by: Tibor Vass &lt;tibor@docker.com&gt;
diff --git a/api/server/middleware/debug.go b/api/server/middleware/debug.go
@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 
 		var postForm map[string]interface{}
 		if err := json.Unmarshal(b, &postForm); err == nil {
-			maskSecretKeys(postForm, r.RequestURI)
+			maskSecretKeys(postForm)
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
 				logrus.Debugf("form data: %s", string(formStr))
@@ -54,18 +54,10 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	}
 }
 
-func maskSecretKeys(inp interface{}, path string) {
-	// Remove any query string from the path
-	idx := strings.Index(path, "?")
-	if idx != -1 {
-		path = path[:idx]
-	}
-	// Remove trailing / characters
-	path = strings.TrimRight(path, "/")
-
+func maskSecretKeys(inp interface{}) {
 	if arr, ok := inp.([]interface{}); ok {
 		for _, f := range arr {
-			maskSecretKeys(f, path)
+			maskSecretKeys(f)
 		}
 		return
 	}
@@ -92,7 +84,7 @@ func maskSecretKeys(inp interface{}, path string) {
 					continue loop0
 				}
 			}
-			maskSecretKeys(v, path)
+			maskSecretKeys(v)
 		}
 	}
 }
diff --git a/api/server/middleware/debug_test.go b/api/server/middleware/debug_test.go
@@ -10,49 +10,16 @@ import (
 func TestMaskSecretKeys(t *testing.T) {
 	tests := []struct {
 		doc      string
-		path     string
 		input    map[string]interface{}
 		expected map[string]interface{}
 	}{
 		{
-			doc:      "secret create with API version",
-			path:     "/v1.30/secrets/create",
+			doc:      "secret/config create and update requests",
 			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
 			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
 		},
 		{
-			doc:      "secret create with API version and trailing slashes",
-			path:     "/v1.30/secrets/create//",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret create with query param",
-			path:     "/secrets/create?key=val",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret update with API version",
-			path:     "/v1.30/secrets/mysecret/update",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret update with API version and trailing slashes",
-			path:     "/v1.30/secrets/mysecret/update//",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:      "secret update with query parameter",
-			path:     "/secrets/mysecret/update?version=34",
-			input:    map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
-			expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
-		},
-		{
-			doc:  "other paths with API version",
-			path: "/v1.30/some/other/path",
+			doc: "masking other fields (recursively)",
 			input: map[string]interface{}{
 				"password":     "pass",
 				"secret":       "secret",
@@ -83,8 +50,7 @@ func TestMaskSecretKeys(t *testing.T) {
 			},
 		},
 		{
-			doc:  "other paths with API version case insensitive",
-			path: "/v1.30/some/other/path",
+			doc: "case insensitive field matching",
 			input: map[string]interface{}{
 				"PASSWORD": "pass",
 				"other": map[string]interface{}{
@@ -102,7 +68,7 @@ func TestMaskSecretKeys(t *testing.T) {
 
 	for _, testcase := range tests {
 		t.Run(testcase.doc, func(t *testing.T) {
-			maskSecretKeys(testcase.input, testcase.path)
+			maskSecretKeys(testcase.input)
 			assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
 		})
 	}

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri`
`41`	`41`
`42`	`42`	`var postForm map[string]interface{}`
`43`	`43`	`if err := json.Unmarshal(b, &postForm); err == nil {`
`44`		`- maskSecretKeys(postForm, r.RequestURI)`
	`44`	`+ maskSecretKeys(postForm)`
`45`	`45`	`formStr, errMarshal := json.Marshal(postForm)`
`46`	`46`	`if errMarshal == nil {`
`47`	`47`	`logrus.Debugf("form data: %s", string(formStr))`
`@@ -54,18 +54,10 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`
`57`		`-func maskSecretKeys(inp interface{}, path string) {`
`58`		`- // Remove any query string from the path`
`59`		`- idx := strings.Index(path, "?")`
`60`		`- if idx != -1 {`
`61`		`- path = path[:idx]`
`62`		`- }`
`63`		`- // Remove trailing / characters`
`64`		`- path = strings.TrimRight(path, "/")`
`65`		`-`
	`57`	`+func maskSecretKeys(inp interface{}) {`
`66`	`58`	`if arr, ok := inp.([]interface{}); ok {`
`67`	`59`	`for _, f := range arr {`
`68`		`- maskSecretKeys(f, path)`
	`60`	`+ maskSecretKeys(f)`
`69`	`61`	`}`
`70`	`62`	`return`
`71`	`63`	`}`
`@@ -92,7 +84,7 @@ func maskSecretKeys(inp interface{}, path string) {`
`92`	`84`	`continue loop0`
`93`	`85`	`}`
`94`	`86`	`}`
`95`		`- maskSecretKeys(v, path)`
	`87`	`+ maskSecretKeys(v)`
`96`	`88`	`}`
`97`	`89`	`}`
`98`	`90`	`}`