diff options
author | Arlo Breault <arlolra@gmail.com> | 2024-01-03 20:20:01 -0500 |
---|---|---|
committer | Cecylia Bocovich <cohosh@torproject.org> | 2024-01-08 10:03:35 -0500 |
commit | e4c818be7666afd8afe3fa280d88ec49a213e7fb (patch) | |
tree | 34e3373573fd1942163e918b73119af66a09c784 | |
parent | 98db63ad01d9d78b8cd8aad77219a3d900bfdfef (diff) | |
download | snowflake-e4c818be7666afd8afe3fa280d88ec49a213e7fb.tar.gz snowflake-e4c818be7666afd8afe3fa280d88ec49a213e7fb.zip |
Scrub space separated ip addresses
The issue with ReplaceAllFunc is that it's capturing the leading and
trailing spaces in the regexp, so successive ips don't match. From the
docstring,
> If 'All' is present, the routine matches successive non-overlapping
> matches of the entire expression.
For #40306
-rw-r--r-- | common/safelog/log.go | 17 | ||||
-rw-r--r-- | common/safelog/log_test.go | 5 |
2 files changed, 18 insertions, 4 deletions
diff --git a/common/safelog/log.go b/common/safelog/log.go index 0969a83..bece6bf 100644 --- a/common/safelog/log.go +++ b/common/safelog/log.go @@ -21,7 +21,7 @@ const ipv6Full = `(` + ipv6Address + `(` + ipv4Address + `))` + `|(` + ipv6Address + `)` + `|(` + ipv6Compressed + `)` const optionalPort = `(:\d{1,5})?` const addressPattern = `((` + ipv4Address + `)|(\[(` + ipv6Full + `)\])|(` + ipv6Full + `))` + optionalPort -const fullAddrPattern = `(^|\s|[^\w:])` + addressPattern + `(\s|(:\s)|[^\w:]|$)` +const fullAddrPattern = `(?:^|\s|[^\w:])(` + addressPattern + `)(?:\s|(:\s)|[^\w:]|$)` var scrubberPatterns = []*regexp.Regexp{ regexp.MustCompile(fullAddrPattern), @@ -46,9 +46,18 @@ func Scrub(b []byte) []byte { for _, pattern := range scrubberPatterns { // this is a workaround since go does not yet support look ahead or look // behind for regular expressions. - scrubbedBytes = pattern.ReplaceAllFunc(scrubbedBytes, func(b []byte) []byte { - return addressRegexp.ReplaceAll(b, []byte("[scrubbed]")) - }) + var newBytes []byte + index := 0 + for { + loc := pattern.FindSubmatchIndex(scrubbedBytes[index:]) + if loc == nil { + break + } + newBytes = append(newBytes, scrubbedBytes[index:index+loc[2]]...) + newBytes = append(newBytes, []byte("[scrubbed]")...) + index = index + loc[3] + } + scrubbedBytes = append(newBytes, scrubbedBytes[index:]...) } return scrubbedBytes } diff --git a/common/safelog/log_test.go b/common/safelog/log_test.go index b6a719e..267538c 100644 --- a/common/safelog/log_test.go +++ b/common/safelog/log_test.go @@ -107,6 +107,11 @@ func TestLogScrubberMessages(t *testing.T) { "error dialing relay: wss://snowflake.torproject.net/?client_ip=1%3A2%3A3%3A%3Ad%3Ae%3Af = dial tcp xxx", "error dialing relay: wss://snowflake.torproject.net/?client_ip=[scrubbed] = dial tcp xxx\n", }, + { + // multiple space-separated IP addresses + "Allowed stations: [10.0.1.1 10.0.1.2 10.0.1.3 10.0.1.4]\n", + "Allowed stations: [[scrubbed] [scrubbed] [scrubbed] [scrubbed]]\n", + }, } { var buff bytes.Buffer log.SetFlags(0) //remove all extra log output for test comparisons |