improve regex to redact password, including unit tests

mbussolotto · mbussolotto · commit 9507eec7e9ec · 2025-05-19T17:10:01.000+02:00
diff --git a/mgradm/shared/utils/cmd_utils.go b/mgradm/shared/utils/cmd_utils.go
@@ -281,7 +281,7 @@ func AddPgsqlFlags(cmd *cobra.Command) {
 	AddContainerImageFlags(cmd, "pgsql", L("PostgreSQL Database"), "pgsql-container", "server-postgresql")
 }
 
-// AddServerFlags add flags common to install, upgrade and migrate.
+// AddServerFlags add flags common to install.
 func AddServerFlags(cmd *cobra.Command) {
 	AddImageFlag(cmd)
 	AddSCCFlag(cmd)
diff --git a/shared/utils/logUtils.go b/shared/utils/logUtils.go
@@ -19,7 +19,7 @@ import (
 	"gopkg.in/natefinch/lumberjack.v2"
 )
 
-var redactRegex = regexp.MustCompile(`([pP]assword[\t :"\\]+)[^\t "\\]+`)
+var redactRegex = regexp.MustCompile(`([pP]assword[\t :"\\]+)[^\\][^\t "\\]+`)
 
 // The default directory where log files are written.
 const logDir = "/var/log/"
diff --git a/shared/utils/logUtils_test.go b/shared/utils/logUtils_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2024 SUSE LLC
+// SPDX-FileCopyrightText: 2025 SUSE LLC
 //
 // SPDX-License-Identifier: Apache-2.0
 
@@ -28,6 +28,14 @@ func TestRedact(t *testing.T) {
 			`{"adminLogin":"admin","adminPassword":"secret","email":"no@email.com"}`,
 			`{"adminLogin":"admin","adminPassword":"<REDACTED>","email":"no@email.com"}`,
 		},
+		{
+			`password\n`,
+			`password\n`,
+		},
+		{
+			`\"password\": \"foo\"`,
+			`\"password\": \"<REDACTED>\"`,
+		},
 	}
 
 	for i, testCase := range data {
diff --git a/uyuni-tools.changes.mbussolotto.cert_escape_char b/uyuni-tools.changes.mbussolotto.cert_escape_char
@@ -0,0 +1 @@
+- During migration, improve info about usage on ssl-password and logs(bsc#1243009)

Original file line number	Diff line number	Diff line change
`@@ -281,7 +281,7 @@ func AddPgsqlFlags(cmd *cobra.Command) {`
`281`	`281`	`AddContainerImageFlags(cmd, "pgsql", L("PostgreSQL Database"), "pgsql-container", "server-postgresql")`
`282`	`282`	`}`
`283`	`283`
`284`		`-// AddServerFlags add flags common to install, upgrade and migrate.`
	`284`	`+// AddServerFlags add flags common to install.`
`285`	`285`	`func AddServerFlags(cmd *cobra.Command) {`
`286`	`286`	`AddImageFlag(cmd)`
`287`	`287`	`AddSCCFlag(cmd)`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ import (`
`19`	`19`	`"gopkg.in/natefinch/lumberjack.v2"`
`20`	`20`	`)`
`21`	`21`
`22`		-var redactRegex = regexp.MustCompile(`([pP]assword[\t :"\\]+)[^\t "\\]+`)
	`22`	+var redactRegex = regexp.MustCompile(`([pP]assword[\t :"\\]+)[^\\][^\t "\\]+`)
`23`	`23`
`24`	`24`	`// The default directory where log files are written.`
`25`	`25`	`const logDir = "/var/log/"`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+- During migration, improve info about usage on ssl-password and logs(bsc#1243009)`