Data scrubbing options for protecting sensitive data https://godoc.org/maze.io/x/scrub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

46 lines
1.0 KiB

package scrub
import (
"path/filepath"
"regexp"
"strings"
)
// Command scrubber for well-known (shell) commands.
var Command = CommandScrubber{
"mysql": {re(`-p(\s?\S+)`), re(`--password(?:[= ])(\S+)`)},
"mysqldump": {re(`-p(\s?\S+)`), re(`--password(?:[= ])(\S+)`)},
}
// CommandScrubber can scrub arguments for commands that contain password flags.
type CommandScrubber map[string][]*regexp.Regexp
func (cs CommandScrubber) Scrub(s string) string {
f := splitAfter(s, []rune(DefaultWhitespace))
for i, p := range f {
base := filepath.Base(strings.TrimSpace(p))
if args, ok := cs[base]; ok {
return strings.Join(f[:i+1], "") + cs.scrubArgs(strings.Join(f[i+1:], ""), args)
}
}
return s
}
func (cs CommandScrubber) scrubArgs(s string, args []*regexp.Regexp) string {
for _, arg := range args {
matches := arg.FindStringSubmatch(s)
if len(matches) > 0 {
for _, match := range matches[1:] {
s = strings.Replace(s, match, Replacement, 1)
}
}
}
return s
}
var envNames = []string{
"auth",
"password",
"passwd",
"secret",
}