From eb9daf960b8074c560e2d1a26062cf0ecc3056f1 Mon Sep 17 00:00:00 2001 From: Roman Iuvshyn Date: Tue, 28 Jan 2020 17:43:55 +0200 Subject: [PATCH 1/5] Please do not print sensitive data in to logs. Please do not print sensitive data in to logs. --- out_s3.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/out_s3.go b/out_s3.go index 842ea05..7ab865c 100644 --- a/out_s3.go +++ b/out_s3.go @@ -186,17 +186,17 @@ func newS3Output(ctx unsafe.Pointer, operatorID int) (*s3operator, error) { } logger := newLogger(config.logLevel) - logger.Infof("[flb-go %d] Starting fluent-bit-go-s3: %v\n", operatorID, version.Info()) - logger.Infof("[flb-go %d] plugin credential parameter = '%s'\n", operatorID, credential) - logger.Infof("[flb-go %d] plugin accessKeyID parameter = '%s'\n", operatorID, accessKeyID) - logger.Infof("[flb-go %d] plugin secretAccessKey parameter = '%s'\n", operatorID, secretAccessKey) - logger.Infof("[flb-go %d] plugin bucket parameter = '%s'\n", operatorID, bucket) - logger.Infof("[flb-go %d] plugin s3prefix parameter = '%s'\n", operatorID, s3prefix) - logger.Infof("[flb-go %d] plugin region parameter = '%s'\n", operatorID, region) - logger.Infof("[flb-go %d] plugin compress parameter = '%s'\n", operatorID, compress) - logger.Infof("[flb-go %d] plugin endpoint parameter = '%s'\n", operatorID, endpoint) - logger.Infof("[flb-go %d] plugin autoCreateBucket parameter = '%s'\n", operatorID, autoCreateBucket) - logger.Infof("[flb-go %d] plugin timeZone parameter = '%s'\n", operatorID, timeZone) + logger.Infof("[flb-go %d] Starting fluent-bit-go-s3: %v", operatorID, version.Info()) + logger.Infof("[flb-go %d] plugin credential parameter = '%s'", operatorID, credential) + logger.Infof("[flb-go %d] plugin accessKeyID parameter = '%s'", operatorID, accessKeyID[:2] + "..." + accessKeyID[len(accessKeyID)-2:]) + logger.Infof("[flb-go %d] plugin secretAccessKey parameter = '%s'", operatorID, secretAccessKey[:2] + "..." + secretAccessKey[len(secretAccessKey)-2:]) + logger.Infof("[flb-go %d] plugin bucket parameter = '%s'", operatorID, bucket) + logger.Infof("[flb-go %d] plugin s3prefix parameter = '%s'", operatorID, s3prefix) + logger.Infof("[flb-go %d] plugin region parameter = '%s'", operatorID, region) + logger.Infof("[flb-go %d] plugin compress parameter = '%s'", operatorID, compress) + logger.Infof("[flb-go %d] plugin endpoint parameter = '%s'", operatorID, endpoint) + logger.Infof("[flb-go %d] plugin autoCreateBucket parameter = '%s'", operatorID, autoCreateBucket) + logger.Infof("[flb-go %d] plugin timeZone parameter = '%s'", operatorID, timeZone) cfg := aws.Config{ Credentials: config.credentials, From 96c22805e60b12c1b85a5063609c71486ff0457f Mon Sep 17 00:00:00 2001 From: Roman Iuvshyn Date: Tue, 28 Jan 2020 18:10:28 +0200 Subject: [PATCH 2/5] fixup --- out_s3.go | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/out_s3.go b/out_s3.go index 7ab865c..28e021b 100644 --- a/out_s3.go +++ b/out_s3.go @@ -188,8 +188,8 @@ func newS3Output(ctx unsafe.Pointer, operatorID int) (*s3operator, error) { logger.Infof("[flb-go %d] Starting fluent-bit-go-s3: %v", operatorID, version.Info()) logger.Infof("[flb-go %d] plugin credential parameter = '%s'", operatorID, credential) - logger.Infof("[flb-go %d] plugin accessKeyID parameter = '%s'", operatorID, accessKeyID[:2] + "..." + accessKeyID[len(accessKeyID)-2:]) - logger.Infof("[flb-go %d] plugin secretAccessKey parameter = '%s'", operatorID, secretAccessKey[:2] + "..." + secretAccessKey[len(secretAccessKey)-2:]) + logger.Infof("[flb-go %d] plugin accessKeyID parameter = '%s'", operatorID, obfuscateLog(accessKeyID)) + logger.Infof("[flb-go %d] plugin secretAccessKey parameter = '%s'", operatorID, obfuscateLog(secretAccessKey)) logger.Infof("[flb-go %d] plugin bucket parameter = '%s'", operatorID, bucket) logger.Infof("[flb-go %d] plugin s3prefix parameter = '%s'", operatorID, s3prefix) logger.Infof("[flb-go %d] plugin region parameter = '%s'", operatorID, region) @@ -367,5 +367,19 @@ func FLBPluginExit() int { return output.FLB_OK } +func obfuscateLog(message string) string { + res := "" + msgLen := len(message) + if message != "" { + if msgLen >= 3 { + res = message[:1] + "..." + message[msgLen-1:] + } else if msgLen < 3 && msgLen > 0 { + res = message[:1] + "..." + } + } + + return res +} + func main() { } From 54db8287df5081d490b9d463e560a71287f8b881 Mon Sep 17 00:00:00 2001 From: Roman Iuvshyn Date: Tue, 28 Jan 2020 18:16:19 +0200 Subject: [PATCH 3/5] Update out_s3.go --- out_s3.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/out_s3.go b/out_s3.go index 28e021b..74e37dc 100644 --- a/out_s3.go +++ b/out_s3.go @@ -235,7 +235,7 @@ func newS3Output(ctx unsafe.Pointer, operatorID int) (*s3operator, error) { func addS3Output(ctx unsafe.Pointer) error { operatorID := len(s3operators) - logger.Infof("[s3operator] id = %d\n", operatorID) + logger.Infof("[s3operator] id = %d", operatorID) // Set the context to point to any Go variable output.FLBPluginSetContext(ctx, operatorID) operator, err := newS3Output(ctx, operatorID) @@ -258,7 +258,7 @@ func getS3Operator(ctx unsafe.Pointer) *s3operator { func FLBPluginInit(ctx unsafe.Pointer) int { err := addS3Output(ctx) if err != nil { - logger.Infof("Error: %s\n", err) + logger.Infof("Error: %s", err) plugin.Unregister(ctx) plugin.Exit(1) return output.FLB_ERROR @@ -289,7 +289,7 @@ func FLBPluginFlushCtx(ctx, data unsafe.Pointer, length C.int, tag *C.char) int line, err := createJSON(record) if err != nil { - s3operator.logger.Warnf("error creating message for S3: %v\n", err) + s3operator.logger.Warnf("error creating message for S3: %v", err) continue } lines += line + "\n" @@ -298,7 +298,7 @@ func FLBPluginFlushCtx(ctx, data unsafe.Pointer, length C.int, tag *C.char) int objectKey := GenerateObjectKey(s3operator, time.Now()) err := plugin.Put(s3operator, objectKey, time.Now(), lines) if err != nil { - s3operator.logger.Warnf("error sending message for S3: %v\n", err) + s3operator.logger.Warnf("error sending message for S3: %v", err) return output.FLB_RETRY } From ed11adf61313c380720a40060f86f611346293fe Mon Sep 17 00:00:00 2001 From: Roman Iuvshyn Date: Tue, 28 Jan 2020 18:29:29 +0200 Subject: [PATCH 4/5] Update out_s3.go --- out_s3.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/out_s3.go b/out_s3.go index 74e37dc..14f15f5 100644 --- a/out_s3.go +++ b/out_s3.go @@ -370,10 +370,10 @@ func FLBPluginExit() int { func obfuscateLog(message string) string { res := "" msgLen := len(message) - if message != "" { + if msgLen > 0 { if msgLen >= 3 { res = message[:1] + "..." + message[msgLen-1:] - } else if msgLen < 3 && msgLen > 0 { + } else if msgLen < 3 { res = message[:1] + "..." } } From 0ca614e4baeb44b66c2f058d4aad264061b64897 Mon Sep 17 00:00:00 2001 From: Roman Iuvshyn Date: Tue, 28 Jan 2020 23:58:13 +0200 Subject: [PATCH 5/5] Update out_s3.go --- out_s3.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/out_s3.go b/out_s3.go index 14f15f5..02f6c64 100644 --- a/out_s3.go +++ b/out_s3.go @@ -188,8 +188,8 @@ func newS3Output(ctx unsafe.Pointer, operatorID int) (*s3operator, error) { logger.Infof("[flb-go %d] Starting fluent-bit-go-s3: %v", operatorID, version.Info()) logger.Infof("[flb-go %d] plugin credential parameter = '%s'", operatorID, credential) - logger.Infof("[flb-go %d] plugin accessKeyID parameter = '%s'", operatorID, obfuscateLog(accessKeyID)) - logger.Infof("[flb-go %d] plugin secretAccessKey parameter = '%s'", operatorID, obfuscateLog(secretAccessKey)) + logger.Infof("[flb-go %d] plugin accessKeyID parameter = '%s'", operatorID, obfuscateSecret(accessKeyID)) + logger.Infof("[flb-go %d] plugin secretAccessKey parameter = '%s'", operatorID, obfuscateSecret(secretAccessKey)) logger.Infof("[flb-go %d] plugin bucket parameter = '%s'", operatorID, bucket) logger.Infof("[flb-go %d] plugin s3prefix parameter = '%s'", operatorID, s3prefix) logger.Infof("[flb-go %d] plugin region parameter = '%s'", operatorID, region) @@ -367,7 +367,7 @@ func FLBPluginExit() int { return output.FLB_OK } -func obfuscateLog(message string) string { +func obfuscateSecret(message string) string { res := "" msgLen := len(message) if msgLen > 0 {