#1104 Filter all sensitive command aliases in console filters

2024-12-20 15:47:38 +01:00 · 2017-02-20 22:09:36 +01:00 · 2017-02-20 22:09:36 +01:00 · 922101d755
commit 922101d755
parent 18d8186804
2 changed files with 89 additions and 5 deletions
--- a/src/main/java/fr/xephi/authme/output/LogFilterHelper.java
+++ b/src/main/java/fr/xephi/authme/output/LogFilterHelper.java
@ -1,17 +1,21 @@
 package fr.xephi.authme.output;

+import com.google.common.annotations.VisibleForTesting;
 import fr.xephi.authme.util.StringUtils;

 /**
 * Service class for the log filters.
 */
-public final class LogFilterHelper {
+final class LogFilterHelper {

    private static final String ISSUED_COMMAND_TEXT = "issued server command:";

-    private static final String[] COMMANDS_TO_SKIP = {"/login ", "/l ", "/reg ", "/changepassword ",
-        "/unregister ", "/authme register ", "/authme changepassword ", "/authme reg ", "/authme cp ",
-        "/register "};
+    @VisibleForTesting
+    static final String[] COMMANDS_TO_SKIP = {
+        "/login ", "/l ", "/log ", "/register ", "/reg ", "/unregister ", "/unreg ",
+        "/changepassword ", "/cp ", "/changepass ", "/authme register ",  "/authme reg ", "/authme r ",
+        "/authme changepassword ", "/authme password ", "/authme changepass ", "/authme cp "
+    };

    private LogFilterHelper() {
        // Util class
@ -24,7 +28,7 @@ public final class LogFilterHelper {
     *
     * @return True if it is a sensitive AuthMe command, false otherwise
     */
-    public static boolean isSensitiveAuthMeCommand(String message) {
+    static boolean isSensitiveAuthMeCommand(String message) {
        if (message == null) {
            return false;
        }
--- a/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java
+++ b/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java
@ -0,0 +1,80 @@
+package fr.xephi.authme.output;
+
+import com.google.common.base.Preconditions;
+import fr.xephi.authme.command.CommandDescription;
+import fr.xephi.authme.command.CommandInitializer;
+import org.junit.Test;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test for {@link LogFilterHelper}.
+ */
+public class LogFilterHelperTest {
+
+    private static final List<CommandDescription> ALL_COMMANDS = new CommandInitializer().getCommands();
+
+    /**
+     * Checks that {@link LogFilterHelper#COMMANDS_TO_SKIP} contains the entries we expect
+     * (commands with password argument).
+     */
+    @Test
+    public void shouldBlacklistAllSensitiveCommands() {
+        // given
+        List<CommandDescription> sensitiveCommands = Arrays.asList(
+            getCommand("register"), getCommand("login"), getCommand("changepassword"), getCommand("unregister"),
+            getCommand("authme", "register"), getCommand("authme", "changepassword")
+        );
+        // Build array with entries like "/register ", "/authme cp ", "/authme changepass "
+        String[] expectedEntries = sensitiveCommands.stream()
+            .map(cmd -> buildCommandSyntaxes(cmd))
+            .flatMap(List::stream)
+            .map(syntax -> syntax + " ")
+            .toArray(String[]::new);
+
+        // when / then
+        assertThat(Arrays.asList("test", "toast"), containsInAnyOrder("toast", "test"));
+        assertThat(Arrays.asList(LogFilterHelper.COMMANDS_TO_SKIP), containsInAnyOrder(expectedEntries));
+
+    }
+
+    private static CommandDescription getCommand(String label) {
+        return findCommandWithLabel(label, ALL_COMMANDS);
+    }
+
+    private static CommandDescription getCommand(String parentLabel, String childLabel) {
+        CommandDescription parent = getCommand(parentLabel);
+        return findCommandWithLabel(childLabel, parent.getChildren());
+    }
+
+    private static CommandDescription findCommandWithLabel(String label, List<CommandDescription> commands) {
+        return commands.stream()
+            .filter(cmd -> cmd.getLabels().contains(label))
+            .findFirst().orElseThrow(() -> new IllegalArgumentException(label));
+    }
+
+    /**
+     * Returns all "command syntaxes" from which the given command can be reached.
+     * For example, the result might be a List containing "/authme changepassword", "/authme changepass"
+     * and "/authme cp".
+     *
+     * @param command the command to build syntaxes for
+     * @return command syntaxes
+     */
+    private static List<String> buildCommandSyntaxes(CommandDescription command) {
+        // assumes that parent can only have one label -> if this fails in the future, we need to revise this method
+        Preconditions.checkArgument(command.getParent() == null || command.getParent().getLabels().size() == 1);
+
+        String prefix = command.getParent() == null
+            ? "/"
+            : "/" + command.getParent().getLabels().get(0) + " ";
+        return command.getLabels().stream()
+            .map(label -> prefix + label)
+            .collect(Collectors.toList());
+    }
+}