fix(scan): Add function to avoid writing creds in jobservice logs, switch to debug instead of info (#15747)

Signed-off-by: Alexis <60alexis@gmail.com>
2024-11-15 23:05:57 +01:00 · 2021-10-22 05:34:15 +02:00 · 2021-10-22 05:34:15 +02:00 · 5fd6168c57
commit 5fd6168c57
parent 3da8e573a0
1 changed files with 36 additions and 5 deletions
--- a/src/pkg/scan/job.go
+++ b/src/pkg/scan/job.go
@ -162,8 +162,8 @@ func (j *Job) Run(ctx job.Context, params job.Parameters) error {
 	mimeTypes, _ := extractMimeTypes(params)

 	// Print related infos to log
-	printJSONParameter(JobParamRegistration, params[JobParamRegistration].(string), myLogger)
-	printJSONParameter(JobParameterRequest, removeAuthInfo(req), myLogger)
+	printJSONParameter(JobParamRegistration, removeRegistrationAuthInfo(r), myLogger)
+	printJSONParameter(JobParameterRequest, removeScanAuthInfo(req), myLogger)
 	myLogger.Infof("Report mime types: %v\n", mimeTypes)

 	if shouldStop() {
@ -371,7 +371,7 @@ func logAndWrapError(logger logger.Interface, err error, message string) error {
 }

 func printJSONParameter(parameter string, v string, logger logger.Interface) {
-	logger.Infof("%s:\n", parameter)
+	logger.Debugf("%s:\n", parameter)
 	printPrettyJSON([]byte(v), logger)
 }

@ -385,7 +385,7 @@ func printPrettyJSON(in []byte, logger logger.Interface) {
 	logger.Infof("%s\n", out.String())
 }

-func removeAuthInfo(sr *v1.ScanRequest) string {
+func removeScanAuthInfo(sr *v1.ScanRequest) string {
 	req := &v1.ScanRequest{
 		Artifact: sr.Artifact,
 		Registry: &v1.Registry{
@ -396,7 +396,38 @@ func removeAuthInfo(sr *v1.ScanRequest) string {

 	str, err := req.ToJSON()
 	if err != nil {
-		logger.Error(errors.Wrap(err, "scan job: remove auth"))
+		logger.Error(errors.Wrap(err, "scan job: remove auth for scan request"))
+	}
+
+	return str
+}
+
+func removeRegistrationAuthInfo(sr *scanner.Registration) string {
+	req := &scanner.Registration{
+		ID:               sr.ID,
+		UUID:             sr.UUID,
+		Name:             sr.Name,
+		Description:      sr.Description,
+		URL:              sr.URL,
+		Disabled:         sr.Disabled,
+		IsDefault:        sr.IsDefault,
+		Health:           sr.Health,
+		Auth:             sr.Auth,
+		AccessCredential: "[HIDDEN]",
+		SkipCertVerify:   sr.SkipCertVerify,
+		UseInternalAddr:  sr.UseInternalAddr,
+		Immutable:        sr.Immutable,
+		Adapter:          sr.Adapter,
+		Vendor:           sr.Vendor,
+		Version:          sr.Version,
+		Metadata:         sr.Metadata,
+		CreateTime:       sr.CreateTime,
+		UpdateTime:       sr.UpdateTime,
+	}
+
+	str, err := req.ToJSON()
+	if err != nil {
+		logger.Error(errors.Wrap(err, "scan job: remove auth for registration"))
 	}

 	return str