diff options
| author | Joseph Hunkeler <jhunkeler@gmail.com> | 2024-04-15 13:33:36 -0400 |
|---|---|---|
| committer | Joseph Hunkeler <jhunkeler@gmail.com> | 2024-04-15 13:33:36 -0400 |
| commit | cabcd35daa18bb883f0d348b2adf93c5828af69f (patch) | |
| tree | a8a1c2e5142662244fcab2e928754dc48db05e4b /src | |
| parent | 208962dfdbd24788a6decf1839ecbbf584fb2e09 (diff) | |
| download | stasis-cabcd35daa18bb883f0d348b2adf93c5828af69f.tar.gz | |
Move artifactory authentication redaction code into its own function: redact_sensitive()
Diffstat (limited to 'src')
| -rw-r--r-- | src/artifactory.c | 16 | ||||
| -rw-r--r-- | src/utils.c | 28 |
2 files changed, 31 insertions, 13 deletions
diff --git a/src/artifactory.c b/src/artifactory.c index 437912d..a23af98 100644 --- a/src/artifactory.c +++ b/src/artifactory.c @@ -224,9 +224,6 @@ int jfrog_cli(struct JFRT_Auth *auth, char *args) { return -1; } - snprintf(cmd, sizeof(cmd) - 1, "jf %s %s", args, auth_args); - strcpy(cmd_redacted, cmd); - const char *redactable[] = { "--access-token=", "--ssh-key-path=", @@ -236,16 +233,9 @@ int jfrog_cli(struct JFRT_Auth *auth, char *args) { "--password=", NULL, }; - for (size_t i = 0; redactable[i] != NULL; i++) { - char *thing = strstr(cmd_redacted, redactable[i]); - if (thing) { - thing += strlen(redactable[i]); - while (*thing != '\0' && !isspace(*thing)) { - *thing = 'x'; - ++thing; - } - } - } + snprintf(cmd, sizeof(cmd) - 1, "jf %s %s", args, auth_args); + redact_sensitive(redactable, cmd, cmd_redacted, sizeof(cmd_redacted) - 1); + guard_free(auth_args); guard_strlist_free(&arg_map); diff --git a/src/utils.c b/src/utils.c index d24e32d..d41400e 100644 --- a/src/utils.c +++ b/src/utils.c @@ -686,3 +686,31 @@ char *collapse_whitespace(char **s) { return *s; } + +int redact_sensitive(const char **to_redact, char *src, char *dest, size_t maxlen) { + char **parts = split(src, " ", 0); + if (!parts) { + fprintf(stderr, "Unable to split source string\n"); + return -1; + } + + for (size_t i = 0; to_redact[i] != NULL; i++) { + for (size_t p = 0; parts[p] != NULL; p++) { + if (strstr(parts[p], to_redact[i])) { + replace_text(parts[p], to_redact[i], "***REDACTED***", REPLACE_TRUNCATE_AFTER_MATCH); + } + } + } + + char *dest_tmp = join(parts, " "); + if (!dest_tmp) { + fprintf(stderr, "Unable to join message array\n"); + return -1; + } + strncpy(dest, dest_tmp, maxlen); + + GENERIC_ARRAY_FREE(parts); + guard_free(dest_tmp); + return 0; +} + |