
Commit 3d6add9

authored
Merge pull request #5828 from snyk/chore/CLI-820_logheader
chore: Change redaction logic to avoid false positive secret detection in log files
2 parents d2c911e + 8296a9d commit 3d6add9


1 file changed

+11
-6
lines changed


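--- a/cliv2/cmd/cliv2/logheaderfooter.go
+++ b/cliv2/cmd/cliv2/logheaderfooter.go
@@ -13,18 +13,25 @@ import (
 "strconv"
 "strings"
 
-"github.com/snyk/cli/cliv2/internal/cliv2"
-"github.com/snyk/cli/cliv2/internal/utils"
 "github.com/snyk/error-catalog-golang-public/snyk_errors"
 "github.com/snyk/go-application-framework/pkg/auth"
 "github.com/snyk/go-application-framework/pkg/configuration"
 "github.com/snyk/go-application-framework/pkg/local_workflows/config_utils"
 
+"github.com/snyk/cli/cliv2/internal/cliv2"
+"github.com/snyk/cli/cliv2/internal/utils"
+
 localworkflows "github.com/snyk/go-application-framework/pkg/local_workflows"
 "github.com/snyk/go-application-framework/pkg/networking"
 "github.com/snyk/go-application-framework/pkg/networking/fips"
 )
 
+func redactAuthorizationTokens(token string) string {
+temp := sha256.Sum256([]byte(token))
+tokenShaSum := fmt.Sprintf("%s***%s", hex.EncodeToString(temp[0:4]), hex.EncodeToString(temp[12:16]))
+return tokenShaSum
+}
+
 func logHeaderAuthorizationInfo(
 config configuration.Configuration,
 networkAccess networking.NetworkAccess,
@@ -47,18 +54,16 @@ func logHeaderAuthorizationInfo(
 if len(splitHeader) == 2 {
 tokenType := splitHeader[0]
 token := splitHeader[1]
-temp := sha256.Sum256([]byte(token))
-tokenShaSum = hex.EncodeToString(temp[0:16]) + "[...]"
+tokenShaSum = redactAuthorizationTokens(token)
 tokenDetails = fmt.Sprintf(" (type=%s)", tokenType)
 }
 
 if config.GetBool(configuration.FF_OAUTH_AUTH_FLOW_ENABLED) {
 oauthEnabled = "Enabled"
 token, err := auth.GetOAuthToken(config)
 if token != nil && err == nil {
+tokenShaSum = redactAuthorizationTokens(token.AccessToken)
 tokenDetails = fmt.Sprintf(" (type=oauth; expiry=%v)", token.Expiry.UTC())
-temp := sha256.Sum256([]byte(token.AccessToken))
-tokenShaSum = hex.EncodeToString(temp[0:16]) + "[...]"
 }
 }
 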
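Review bot: `redactAuthorizationTokens` (new lines 29–33) has no doc comment, and its name suggests the token is masked, whereas it returns a deterministic, unsalted SHA-256 fingerprint built from digest bytes 0–3 and 12–15 (64 bits). That is reasonable for correlating high-entropy API or OAuth tokens across log files, but anyone holding a shared log can still confirm a candidate value against it, so the assumption should be recorded, e.g. `// redactAuthorizationTokens returns a short SHA-256 fingerprint of token for log correlation; only safe for high-entropy secrets.` A second comment line should say why two 4-byte slices are printed around `***` rather than a contiguous prefix; presumably this keeps the output from matching secret scanners while staying comparable with older logs. An empty token also produces a normal-looking fingerprint (the hash of the empty string), which can mislead whoever reads the log. Whether either call site in `logHeaderAuthorizationInfo` can pass an empty token is not visible, since that function starts and ends outside these hunks.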
