Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor security logger #422

Merged
merged 1 commit into from Dec 16, 2022
Merged

Refactor security logger #422

merged 1 commit into from Dec 16, 2022

Conversation

SuperQ
Copy link
Contributor

@SuperQ SuperQ commented Dec 15, 2022
edited

Customize security logger to avoid logging secret values.

  • Add a new safe string printers.
  • Only log the safe strings.
  • Add some new type string generators.
  • Bump codeql0.

Signed-off-by: SuperQ superq@gmail.com

@SuperQ SuperQ requested a review from TimRots December 15, 2022 09:31
@SuperQ SuperQ force-pushed the superq/security-log branch 2 times, most recently from 3adb1e6 to f2ab7d6 Compare December 15, 2022 10:39
@SuperQ SuperQ force-pushed the superq/security-log branch 5 times, most recently from 2f729f9 to 556591f Compare December 15, 2022 21:43
@SuperQ
Copy link
Contributor Author

SuperQ commented Dec 15, 2022

Weird, the codeql didn't like it when I named the method String(). But is happy with SafeString().

@SuperQ SuperQ force-pushed the superq/security-log branch 3 times, most recently from c08c583 to 490db55 Compare December 15, 2022 22:12
@SuperQ
Refactor security logging
e2b77a3 
Customize security logger to avoid logging secret values.
* Add a new safe string printers.
* Only log the safe strings.
* Add some new type string generators.
* Bump codeql[0].

[0]: https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/

Signed-off-by: SuperQ <superq@gmail.com>
@SuperQ SuperQ requested a review from TimRots December 15, 2022 22:20
@SuperQ
Copy link
Contributor Author

SuperQ commented Dec 15, 2022

Ok, this finally works correctly, please re-review.

TimRots
TimRots approved these changes Dec 16, 2022
View reviewed changes
Copy link
Member

@TimRots TimRots left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 👍

@SuperQ SuperQ merged commit 1ed5795 into master Dec 16, 2022
@SuperQ SuperQ deleted the superq/security-log branch December 16, 2022 15:04
SuperQ added a commit that referenced this pull request Aug 28, 2023
@SuperQ
Release v1.36.0
58eaadd 
This release now requires Go 1.20 or higher.

* [ENHANCEMENT] Allow sending v1 traps that have no varbinds #426
* [BUGFIX] Fix getBulk SnmpPacket MaxRepetitions value #413
* [BUGFIX] Refactor security logger #422
* [BUGFIX] Add privacy passphrase in extendKeyBlumenthal cacheKey call #425
* [BUGFIX] unmarshal: fix panic from reading beyond slice #441

Signed-off-by: SuperQ <superq@gmail.com>
@SuperQ SuperQ mentioned this pull request Aug 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TimRots TimRots TimRots approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@SuperQ @TimRots