archives/snowflake
2
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git synced 2025-10-13 20:11:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Sanitize IP addresses from server log output

Browse source 
Added a scrubber that takes all logging output to the standard logger
and passes through a series of regular expressions to replace IP
addresses with safe strings (e.g., X.X.X.X:443).

Ensure server logs to stdout are also scrubbed
This commit is contained in:
Cecylia Bocovich 2019-03-20 15:50:55 -04:00
parent 88f282c733
commit f586a4bab8
2 changed files with 51 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

25
server/server_test.go
View file

@ -1,6 +1,8 @@
package main
import (
"bytes"
"log"
"net"
"strconv"
"testing"
@ -47,3 +49,26 @@ func TestClientAddr(t *testing.T) {
}
}
}
func TestLogScrubber(t *testing.T) {
var buff bytes.Buffer
scrubber := &logScrubber{&buff}
log.SetFlags(0) //remove all extra log output for test comparisons
log.SetOutput(scrubber)
log.Printf("%s", "http: TLS handshake error from 129.97.208.23:38310:")
if bytes.Compare(buff.Bytes(), []byte("http: TLS handshake error from X.X.X.X:38310:\n")) != 0 {
t.Errorf("log scrubber didn't scrub IPv4 address. Output: %s", string(buff.Bytes()))
}
buff.Reset()
log.Printf("%s", "http2: panic serving [2620:101:f000:780:9097:75b1:519f:dbb8]:58344: interface conversion: *http2.responseWriter is not http.Hijacker: missing method Hijack")
if bytes.Compare(buff.Bytes(), []byte("http2: panic serving [X:X:X:X:X:X:X:X]:58344: interface conversion: *http2.responseWriter is not http.Hijacker: missing method Hijack\n")) != 0 {
t.Errorf("log scrubber didn't scrub IPv6 address. Output: %s", string(buff.Bytes()))
}
buff.Reset()
}