Do not marshal SMPT User/Password and SlackWebhookURL in json file (#289)

taraspos · web-flow · commit a2162c7c8ca5 · 2024-07-06T20:18:26.000+01:00
diff --git a/middlewares/common_test.go b/middlewares/common_test.go
@@ -50,6 +50,14 @@ type TestJob struct {
 	core.BareJob
 }
 
+type TestJobConfig struct {
+	TestJob
+	MailConfig
+	OverlapConfig
+	SaveConfig
+	SlackConfig
+}
+
 func (j *TestJob) Run(ctx *core.Context) error {
 	return nil
 }
diff --git a/middlewares/mail.go b/middlewares/mail.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"crypto/tls"
+
 	"gopkg.in/gomail.v2"
 
 	"github.com/mcuadros/ofelia/core"
@@ -19,8 +20,8 @@ import (
 type MailConfig struct {
 	SMTPHost          string `gcfg:"smtp-host" mapstructure:"smtp-host"`
 	SMTPPort          int    `gcfg:"smtp-port" mapstructure:"smtp-port"`
-	SMTPUser          string `gcfg:"smtp-user" mapstructure:"smtp-user"`
-	SMTPPassword      string `gcfg:"smtp-password" mapstructure:"smtp-password"`
+	SMTPUser          string `gcfg:"smtp-user" mapstructure:"smtp-user" json:"-"`
+	SMTPPassword      string `gcfg:"smtp-password" mapstructure:"smtp-password" json:"-"`
 	SMTPTLSSkipVerify bool   `gcfg:"smtp-tls-skip-verify" mapstructure:"smtp-tls-skip-verify"`
 	EmailTo           string `gcfg:"email-to" mapstructure:"email-to"`
 	EmailFrom         string `gcfg:"email-from" mapstructure:"email-from"`
diff --git a/middlewares/save_test.go b/middlewares/save_test.go
@@ -4,8 +4,10 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
+	"github.com/mcuadros/ofelia/core"
 	. "gopkg.in/check.v1"
 )
 
@@ -15,6 +17,31 @@ type SuiteSave struct {
 
 var _ = Suite(&SuiteSave{})
 
+func (s *SuiteSave) SetUpTest(c *C) {
+	job := &TestJobConfig{
+		TestJob: TestJob{
+			BareJob: core.BareJob{
+				Name: "test-job-save",
+			},
+		},
+		MailConfig: MailConfig{
+			SMTPHost:     "test-host",
+			SMTPPassword: "secret-password",
+			SMTPUser:     "secret-user",
+		},
+		SlackConfig: SlackConfig{
+			SlackWebhook: "secret-url",
+		},
+	}
+
+	s.job = &job.TestJob
+
+	sh := core.NewScheduler(&TestLogger{})
+	e := core.NewExecution()
+
+	s.ctx = core.NewContext(sh, job, e)
+}
+
 func (s *SuiteSave) TestNewSlackEmpty(c *C) {
 	c.Assert(NewSave(&SaveConfig{}), IsNil)
 }
@@ -58,3 +85,41 @@ func (s *SuiteSave) TestRunSuccessOnError(c *C) {
 	_, err = os.Stat(filepath.Join(dir, "00010101_000000_foo.json"))
 	c.Assert(err, Not(IsNil))
 }
+
+func (s *SuiteSave) TestSensitiveData(c *C) {
+	dir, err := ioutil.TempDir("/tmp", "save")
+	c.Assert(err, IsNil)
+
+	s.ctx.Start()
+	s.ctx.Stop(nil)
+
+	s.job.Name = "job-with-sensitive-data"
+	s.ctx.Execution.Date = time.Time{}
+
+	m := NewSave(&SaveConfig{SaveFolder: dir})
+	c.Assert(m.Run(s.ctx), IsNil)
+
+	expectedFileName := "00010101_000000_job-with-sensitive-data"
+	_, err = os.Stat(filepath.Join(dir, expectedFileName+".json"))
+	c.Assert(err, IsNil)
+
+	_, err = os.Stat(filepath.Join(dir, expectedFileName+".stdout.log"))
+	c.Assert(err, IsNil)
+
+	_, err = os.Stat(filepath.Join(dir, expectedFileName+".stderr.log"))
+	c.Assert(err, IsNil)
+
+	files, err := os.ReadDir(dir)
+	c.Assert(err, IsNil)
+	c.Assert(files, HasLen, 3)
+
+	for _, file := range files {
+		b, err := os.ReadFile(filepath.Join(dir, file.Name()))
+		c.Assert(err, IsNil)
+
+		if strings.Contains(string(b), "secret") {
+			c.Log(string(b))
+			c.Errorf("found secret string in %q", file.Name())
+		}
+	}
+}
diff --git a/middlewares/slack.go b/middlewares/slack.go
@@ -17,7 +17,7 @@ var (
 
 // SlackConfig configuration for the Slack middleware
 type SlackConfig struct {
-	SlackWebhook     string `gcfg:"slack-webhook" mapstructure:"slack-webhook"`
+	SlackWebhook     string `gcfg:"slack-webhook" mapstructure:"slack-webhook" json:"-"`
 	SlackOnlyOnError bool   `gcfg:"slack-only-on-error" mapstructure:"slack-only-on-error"`
 }
 

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,14 @@ type TestJob struct {`
`50`	`50`	`core.BareJob`
`51`	`51`	`}`
`52`	`52`
	`53`	`+type TestJobConfig struct {`
	`54`	`+ TestJob`
	`55`	`+ MailConfig`
	`56`	`+ OverlapConfig`
	`57`	`+ SaveConfig`
	`58`	`+ SlackConfig`
	`59`	`+}`
	`60`	`+`
`53`	`61`	`func (j TestJob) Run(ctx core.Context) error {`
`54`	`62`	`return nil`
`55`	`63`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ var (`
`17`	`17`
`18`	`18`	`// SlackConfig configuration for the Slack middleware`
`19`	`19`	`type SlackConfig struct {`
`20`		- SlackWebhook string `gcfg:"slack-webhook" mapstructure:"slack-webhook"`
	`20`	+ SlackWebhook string `gcfg:"slack-webhook" mapstructure:"slack-webhook" json:"-"`
`21`	`21`	SlackOnlyOnError bool `gcfg:"slack-only-on-error" mapstructure:"slack-only-on-error"`
`22`	`22`	`}`
`23`	`23`