From 5c9876f0cdfad7121dd57ea7aaa7b09414ac5d40 Mon Sep 17 00:00:00 2001 From: John Rusk Date: Thu, 27 Jun 2019 15:26:38 +1200 Subject: [PATCH] Add LogSanitizer interface, and ability to call it from ForceLog --- pipeline/core.go | 19 +++++++++++++++++++ pipeline/defaultlog.go | 11 +++++++++++ pipeline/defaultlog_syslog.go | 4 ++-- pipeline/defaultlog_windows.go | 4 ++-- 4 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 pipeline/defaultlog.go diff --git a/pipeline/core.go b/pipeline/core.go index 0dde81d..2af4d6c 100755 --- a/pipeline/core.go +++ b/pipeline/core.go @@ -253,3 +253,22 @@ type methodFactoryMarker struct { func (methodFactoryMarker) New(next Policy, po *PolicyOptions) Policy { panic("methodFactoryMarker policy should have been replaced with a method policy") } + +// LogSanitizer can be implemented to clean secrets from lines logged by ForceLog +// By default no implemetation is provided here, because pipeline may be used in many different +// contexts, so the correct implementation is context-dependent +type LogSanitizer interface { + SanitizeLogLine(raw string) string +} + +var sanitizer LogSanitizer + +// SetLogSanitizer can be called to supply a custom LogSanitizer. +// There is no threadsafety or locking on the underlying variable, +// so call this function just once at startup of your application +// (Don't later try to change the sanitizer on the fly). +func SetLogSanitizer(s LogSanitizer)(){ + sanitizer = s +} + + diff --git a/pipeline/defaultlog.go b/pipeline/defaultlog.go new file mode 100644 index 0000000..947d34d --- /dev/null +++ b/pipeline/defaultlog.go @@ -0,0 +1,11 @@ +package pipeline + + +// ForceLog should rarely be used. It forceable logs an entry to the +// Windows Event Log (on Windows) or to the SysLog (on Linux) +func ForceLog(level LogLevel, msg string) { + if sanitizer != nil { + msg = sanitizer.SanitizeLogLine(msg) + } + forceLog(level, msg) +} diff --git a/pipeline/defaultlog_syslog.go b/pipeline/defaultlog_syslog.go index d0bb774..819509a 100755 --- a/pipeline/defaultlog_syslog.go +++ b/pipeline/defaultlog_syslog.go @@ -7,9 +7,9 @@ import ( "log/syslog" ) -// ForceLog should rarely be used. It forceable logs an entry to the +// forceLog should rarely be used. It forceable logs an entry to the // Windows Event Log (on Windows) or to the SysLog (on Linux) -func ForceLog(level LogLevel, msg string) { +func forceLog(level LogLevel, msg string) { if defaultLogger == nil { return // Return fast if we failed to create the logger. } diff --git a/pipeline/defaultlog_windows.go b/pipeline/defaultlog_windows.go index 85a3273..5fcf400 100755 --- a/pipeline/defaultlog_windows.go +++ b/pipeline/defaultlog_windows.go @@ -6,9 +6,9 @@ import ( "unsafe" ) -// ForceLog should rarely be used. It forceable logs an entry to the +// forceLog should rarely be used. It forceable logs an entry to the // Windows Event Log (on Windows) or to the SysLog (on Linux) -func ForceLog(level LogLevel, msg string) { +func forceLog(level LogLevel, msg string) { var el eventType switch level { case LogError, LogFatal, LogPanic: