middleware: Redact secret data on "secret create"

With debug logging turned on, we currently log the base64-encoded secret payload. Change the middleware code to redact this. Since the field is called "Data", it requires some context-sensitivity. The URI path is examined to see which route is being invoked. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2022-11-09 12:21:53 -05:00 · 2017-06-29 16:04:47 -07:00 · 2017-06-29 16:04:47 -07:00 · 3fbc352cbb
commit 3fbc352cbb
parent 56ad9bb1b4
2 changed files with 80 additions and 4 deletions
--- a/api/server/middleware/debug.go
+++ b/api/server/middleware/debug.go
@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri

 		var postForm map[string]interface{}
 		if err := json.Unmarshal(b, &postForm); err == nil {
-			maskSecretKeys(postForm)
+			maskSecretKeys(postForm, r.RequestURI)
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
 				logrus.Debugf("form data: %s", string(formStr))
@ -54,13 +54,22 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 	}
 }

-func maskSecretKeys(inp interface{}) {
+func maskSecretKeys(inp interface{}, path string) {
+	// Remove any query string from the path
+	idx := strings.Index(path, "?")
+	if idx != -1 {
+		path = path[:idx]
+	}
+	// Remove trailing / characters
+	path = strings.TrimRight(path, "/")
+
 	if arr, ok := inp.([]interface{}); ok {
 		for _, f := range arr {
-			maskSecretKeys(f)
+			maskSecretKeys(f, path)
 		}
 		return
 	}
+
 	if form, ok := inp.(map[string]interface{}); ok {
 	loop0:
 		for k, v := range form {
@ -70,7 +79,16 @@ func maskSecretKeys(inp interface{}) {
 					continue loop0
 				}
 			}
-			maskSecretKeys(v)
+			maskSecretKeys(v, path)
+		}
+
+		// Route-specific redactions
+		if strings.HasSuffix(path, "/secrets/create") {
+			for k := range form {
+				if k == "Data" {
+					form[k] = "*****"
+				}
+			}
 		}
 	}
 }