Merge branch '3596-extend-scrub-secrets-with-amz-credential' into 'master'

Filter content of X-AMX-Credential from logs Closes #3596 See merge request gitlab-org/gitlab-runner!1028

Merge branch '3596-extend-scrub-secrets-with-amz-credential' into 'master'
d6ef43e3 · Kamil Trzciński · Tomasz Maczukin · e5a7e9fe · d6ef43e3 · d6ef43e3
Unverified Commit d6ef43e3 authored 6 years ago by Kamil Trzciński Committed by Tomasz Maczukin 6 years ago
--- a/helpers/url/scrub_secrets.go
+++ b/helpers/url/scrub_secrets.go
@@ -4,7 +4,7 @@ import (
 	"regexp"
 )
-var scrubRegexp = regexp.MustCompile(`(?im)([\?&]((?:private|authenticity|rss)[\-_]token)|X-AMZ-Signature)=[^& ]*`)
+var scrubRegexp = regexp.MustCompile(`(?im)([\?&]((?:private|authenticity|rss)[\-_]token)|X-AMZ-Signature|X-AMZ-Credential)=[^& ]*`)
 // ScrubSecrets replaces the content of any sensitive query string parameters
 // in an URL with `[FILTERED]`

--- a/helpers/url/scrub_secrets_test.go
+++ b/helpers/url/scrub_secrets_test.go
@@ -13,6 +13,7 @@ func TestScrubSecrets(t *testing.T) {
 	}{
 		{input: "Get http://localhost/?id=123", output: "Get http://localhost/?id=123"},
 		{input: "Get http://localhost/?id=123&X-Amz-Signature=abcd1234&private_token=abcd1234", output: "Get http://localhost/?id=123&X-Amz-Signature=[FILTERED]&private_token=[FILTERED]"},
+		{input: "Get http://localhost/?id=123&X-Amz-Credential=ABCDEF123456%2F20180920%2Fus-east-1%2Fs3%2Faws4_request", output: "Get http://localhost/?id=123&X-Amz-Credential=[FILTERED]"},
 		{input: "Get http://localhost/?private_token=abcd1234 test", output: "Get http://localhost/?private_token=[FILTERED] test"},
 	}