improved logging based on security code review

snowflakedb · Nov 29, 2017 · af9bc19 · af9bc19
1 parent 091b2a5
commit af9bc19
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 9 deletions.
diff --git a/auth.go b/auth.go
@@ -106,7 +106,6 @@ func postAuth(
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode == http.StatusOK {
-		glog.V(3).Infof("postAuth: resp: %v", resp)
 		var respd authResponse
 		err = json.NewDecoder(resp.Body).Decode(&respd)
 		if err != nil {
@@ -228,7 +227,9 @@ func authenticate(
 		return
 	}
 
-	glog.V(2).Infof("PARAMS for Auth: %v, %v", params, sr)
+	glog.V(2).Infof("PARAMS for Auth: %v, %v, %v, %v, %v, %v",
+		params, sr.Protocol, sr.Host, sr.Port, sr.LoginTimeout, sr.Authenticator)
+
 	respd, err := sr.FuncPostAuth(sr, params, headers, jsonBody, sr.LoginTimeout)
 	if err != nil {
 		return nil, err

diff --git a/authokta.go b/authokta.go
@@ -233,14 +233,12 @@ func postAuthSAML(
 		}
 		return &respd, nil
 	}
-	b, err := ioutil.ReadAll(resp.Body)
+	_, err = ioutil.ReadAll(resp.Body)
 	if err != nil {
 		glog.V(1).Infof("failed to extract HTTP response body. err: %v", err)
 		glog.Flush()
 		return nil, err
 	}
-	glog.V(1).Infof("HTTP: %v, URL: %v, Body: %v", resp.StatusCode, fullURL, b)
-	glog.V(1).Infof("Header: %v", resp.Header)
 	glog.Flush()
 	return nil, &SnowflakeError{
 		Number:      ErrFailedToAuthSAML,

diff --git a/driver.go b/driver.go
@@ -36,7 +36,8 @@ func (d SnowflakeDriver) Open(dsn string) (driver.Conn, error) {
 	}
 	if proxyURL != nil {
 		st.Proxy = http.ProxyURL(proxyURL)
-		glog.V(2).Infof("proxy: %v", proxyURL)
+		glog.V(2).Infof("proxy: %v, %v, %v, %v",
+			proxyURL.Scheme, proxyURL.Host, proxyURL.Port, proxyURL.User)
 	}
 	// authenticate
 	sc.rest = &snowflakeRestful{
@@ -92,7 +93,6 @@ func (d SnowflakeDriver) Open(dsn string) (driver.Conn, error) {
 		sc.cleanup()
 		return nil, err
 	}
-	glog.V(2).Infof("Auth Data: %v", authData)
 	err = d.validateDefaultParameters(authData.SessionInfo.DatabaseName, &sc.cfg.Database)
 	if err != nil {
 		return nil, err

diff --git a/dsn.go b/dsn.go
@@ -236,7 +236,6 @@ func ParseDSN(dsn string) (cfg *Config, err error) {
 		return nil, err
 	}
 	cfg.Warehouse = s
-	glog.V(2).Infof("ParseDSN: %v\n", cfg) // TODO: hide password
 	return cfg, nil
 }
 

diff --git a/log.go b/log.go
@@ -13,6 +13,11 @@ func (glogWrapper) V(int) glogWrapper {
 	return glogWrapper{}
 }
 
+// Check if the logging is enabled. Returns always False by default
+func (glogWrapper) IsEnabled(int) bool {
+	return false
+}
+
 // Flush emulates the glog.Flush() call
 func (glogWrapper) Flush() {}
 

diff --git a/log_debug.go b/log_debug.go
@@ -17,6 +17,10 @@ func (l *glogWrapper) V(level int32) glogWrapper {
 	return glogWrapper{logger.V(logger.Level(level))}
 }
 
+func (l *glogWrapper) IsEnabled(level int32) bool {
+	return bool(logger.V(logger.Level(level)))
+}
+
 // Flush calls flush on the underlying logger
 func (l *glogWrapper) Flush() {
 	logger.Flush()

diff --git a/ocsp.go b/ocsp.go
@@ -373,8 +373,9 @@ func getRevocationStatus(wg *sync.WaitGroup, ocspStatusChan chan<- *ocspStatus,
 	proxyURL, _ := proxyURL(proxyHost, proxyPort, proxyUser, proxyPassword)
 	st := snowflakeInsecureTransport
 	if proxyURL != nil {
-		glog.V(2).Infof("proxy: %v\n", proxyURL)
 		st.Proxy = http.ProxyURL(proxyURL)
+		glog.V(2).Infof("proxy: %v, %v, %v, %v",
+			proxyURL.Scheme, proxyURL.Host, proxyURL.Port, proxyURL.User)
 	}
 	ocspClient := &http.Client{
 		Timeout:   30 * time.Second,