Add support to hide password from validation URL (#351)

deepjyoti30 · siddharthlatest · web-flow · commit 29b95138dded · 2022-11-08T12:21:38.000+05:30
* Add support to hide password from validation URL

* Update util/es_logger.go

Co-authored-by: Siddharth Kothari &lt;sids.aquarius@gmail.com&gt;
diff --git a/plugins/querytranslate/handlers.go b/plugins/querytranslate/handlers.go
@@ -366,7 +366,7 @@ func (r *QueryTranslate) validate() http.HandlerFunc {
 			validateMapToShow = append(validateMapToShow, map[string]interface{}{
 				"id": requestID,
 				"endpoint": map[string]interface{}{
-					"url":     request.URL.String(),
+					"url":     util.CleanPasswordFromURL(request.URL.String()),
 					"method":  methodUsed,
 					"headers": headersPassed,
 					"body":    bodyAsMap,
diff --git a/util/es_logger.go b/util/es_logger.go
@@ -57,16 +57,23 @@ func cleanSenstiveData(vars *[]interface{}) {
 			continue
 		}
 
-		// Check if URL
-		isURL, _ := regexp.MatchString(`^https?://(www.)?.+\..+$`, stringedVar)
-		if !isURL {
-			continue
-		}
-
-		// If it is an URL, clean it up
-		cleanerRe := regexp.MustCompile(`\/\/(?P<username>.+):.+@`)
-		cleanedVar := cleanerRe.ReplaceAllString(stringedVar, "//${username}:***@")
+		cleanedVar := CleanPasswordFromURL(stringedVar)
 
 		(*vars)[index] = cleanedVar
 	}
 }
+
+// CleanPasswordFromURL will clean password from the URL if
+// it is present
+func CleanPasswordFromURL(URL string) string {
+	// Check if URL
+	isURL, _ := regexp.MatchString(`^https?://(www.)?.+\..+$`, URL)
+	if !isURL {
+		return URL
+	}
+
+	// If it is an URL, clean it up
+	cleanerRe := regexp.MustCompile(`\/\/(?P<username>.+):.+@`)
+	cleanedVar := cleanerRe.ReplaceAllString(URL, "//${username}:********@")
+	return cleanedVar
+}
