From d72f7cfc123bd416316262d9e2b0b6db243728e8 Mon Sep 17 00:00:00 2001 From: Adam Nichols Date: Thu, 18 Jan 2024 11:04:53 -0500 Subject: [PATCH] Ha, this already exists --- common/src/main/scala/common/util/UriUtil.scala | 3 ++- .../src/main/scala/cromwell/backend/impl/tes/TesTask.scala | 7 +++---- .../test/scala/cromwell/backend/impl/tes/TesTaskSpec.scala | 6 ++++-- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/common/src/main/scala/common/util/UriUtil.scala b/common/src/main/scala/common/util/UriUtil.scala index 24625be1edb..f86a2d4f84c 100644 --- a/common/src/main/scala/common/util/UriUtil.scala +++ b/common/src/main/scala/common/util/UriUtil.scala @@ -84,7 +84,8 @@ object UriUtil { private val SensitiveKeyParts = List( "credential", - "signature" + "signature", + "sig" ) private def isSensitiveKey(name: String): Boolean = { diff --git a/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesTask.scala b/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesTask.scala index 47fc245e7d3..8803e445664 100644 --- a/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesTask.scala +++ b/supportedBackends/tes/src/main/scala/cromwell/backend/impl/tes/TesTask.scala @@ -369,11 +369,10 @@ final case class Input(name: Option[String], content: Option[String] ) { override def toString: String = { - import akka.http.scaladsl.model.Uri + import common.util.StringUtil.EnhancedString - // Remove query that may contain SAS token - val cleanUrl = url map { Uri(_).copy(rawQueryString = None).toString() } - this.getClass.getName + Seq(name, description, cleanUrl, path, `type`, content).mkString("(",",",")") + // Mask SAS token signature in query + this.getClass.getName + Seq(name, description, url.map(_.maskSensitiveUri), path, `type`, content).mkString("(",",",")") } } diff --git a/supportedBackends/tes/src/test/scala/cromwell/backend/impl/tes/TesTaskSpec.scala b/supportedBackends/tes/src/test/scala/cromwell/backend/impl/tes/TesTaskSpec.scala index 49997533762..7dd0205855f 100644 --- a/supportedBackends/tes/src/test/scala/cromwell/backend/impl/tes/TesTaskSpec.scala +++ b/supportedBackends/tes/src/test/scala/cromwell/backend/impl/tes/TesTaskSpec.scala @@ -222,13 +222,15 @@ class TesTaskSpec extends AnyFlatSpec with CromwellTimeoutSpec with Matchers wit val input = Input( Option("asdf"), Option("asdf"), - url = Option("https://example.com?secret=Zardoz&password=Blah"), + url = Option("https://lz304a1e79fd7359e5327eda.blob.core.windows.net/sc-705b830a-d699-478e-9da6-49661b326e77" + + "?sv=2021-12-02&spr=https&st=2023-12-13T20%3A27%3A55Z&se=2023-12-14T04%3A42%3A55Z&sr=c&sp=racwdlt&sig=SECRET&rscd=foo"), "asdf", Option("asdf"), Option("asdf") ) - input.toString shouldBe "cromwell.backend.impl.tes.Input(Some(asdf),Some(asdf),Some(https://example.com),asdf,Some(asdf),Some(asdf))" + input.toString shouldBe "cromwell.backend.impl.tes.Input(Some(asdf),Some(asdf),Some(https://lz304a1e79fd7359e5327eda.blob.core.windows.net/sc-705b830a-d699-478e-9da6-49661b326e77" + + "?sv=2021-12-02&spr=https&st=2023-12-13T20:27:55Z&se=2023-12-14T04:42:55Z&sr=c&sp=racwdlt&sig=masked&rscd=foo),asdf,Some(asdf),Some(asdf))" } it should "not crash if the URL is missing" in {