Merge pull request #1782 from weaveworks/1779-elide-service-token

Elide service-token when logging commandline arguments
2026-03-03 18:20:27 +00:00 · 2016-08-11 17:12:27 +01:00
parent 04349cc86d 0c3235ae3d
commit 22434616fa
3 changed files with 34 additions and 6 deletions
--- a/prog/app.go
+++ b/prog/app.go
@@ -6,7 +6,6 @@ import (
 	"net/http"
 	_ "net/http/pprof"
 	"net/url"
-	"os"
 	"regexp"
 	"runtime"
 	"strconv"
@@ -213,7 +212,7 @@ func appMain(flags appFlags) {
 	app.UniqueID = strconv.FormatInt(rand.Int63(), 16)
 	app.Version = version
 	log.Infof("app starting, version %s, ID %s", app.Version, app.UniqueID)
-	log.Infof("command line: %v", os.Args)
+	logCensoredArgs()

 	userIDer := multitenant.NoopUserIDer
 	if flags.userIDHeader != "" {
--- a/prog/main.go
+++ b/prog/main.go
@@ -17,7 +17,14 @@ import (
 	"github.com/weaveworks/weave/common"
 )

-var version = "dev" // set at build time
+var (
+	// set at build time
+	version = "dev"
+	// tokens to be elided when logging
+	serviceTokenFlag = "service-token"
+	probeTokenFlag   = "probe.token"
+	sensitiveFlags   = []string{serviceTokenFlag, probeTokenFlag}
+)

 type prefixFormatter struct {
 	prefix []byte
@@ -119,6 +126,28 @@ type appFlags struct {
 	consulInf       string
 }

+func logCensoredArgs() {
+	var prettyPrintedArgs string
+	// We show the flags followed by the args. This may change the original
+	// ordering. However the flag parser doesn't keep positioning
+	// information, not allowing for a more accurate reconstruction.
+	flag.Visit(func(f *flag.Flag) {
+		value := f.Value.String()
+		// omit sensitive information
+		for _, sensitiveFlag := range sensitiveFlags {
+			if f.Name == sensitiveFlag {
+				value = "<elided>"
+				break
+			}
+		}
+		prettyPrintedArgs += fmt.Sprintf(" --%s=%s", f.Name, value)
+	})
+	for _, arg := range flag.Args() {
+		prettyPrintedArgs += " " + arg
+	}
+	log.Infof("command line args:%s", prettyPrintedArgs)
+}
+
 func main() {
 	var (
 		flags         = flags{}
@@ -145,8 +174,8 @@ func main() {
 	flag.Bool("no-probe", false, "Don't run the probe.")

 	// Probe flags
-	flag.StringVar(&flags.probe.token, "service-token", "", "Token to use to authenticate with cloud.weave.works")
-	flag.StringVar(&flags.probe.token, "probe.token", "", "Token to use to authenticate with cloud.weave.works")
+	flag.StringVar(&flags.probe.token, serviceTokenFlag, "", "Token to use to authenticate with cloud.weave.works")
+	flag.StringVar(&flags.probe.token, probeTokenFlag, "", "Token to use to authenticate with cloud.weave.works")
 	flag.StringVar(&flags.probe.httpListen, "probe.http.listen", "", "listen address for HTTP profiling and instrumentation server")
 	flag.DurationVar(&flags.probe.publishInterval, "probe.publish.interval", 3*time.Second, "publish (output) interval")
 	flag.DurationVar(&flags.probe.spyInterval, "probe.spy.interval", time.Second, "spy (scan) interval")
--- a/prog/probe.go
+++ b/prog/probe.go
@@ -74,7 +74,7 @@ func probeMain(flags probeFlags) {
 	sig := metrics.DefaultInmemSignal(inm)
 	defer sig.Stop()
 	metrics.NewGlobal(metrics.DefaultConfig("scope-probe"), inm)
-
+	logCensoredArgs()
 	defer log.Info("probe exiting")

 	if flags.spyProcs && os.Getegid() != 0 {