github.com/influxdata/influxql@v1.1.0/sanitize.go (about)

     1  package influxql
     2  
     3  import (
     4  	"bytes"
     5  	"regexp"
     6  )
     7  
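// sanitizePasswordToken is the body of capture group 1 in both patterns
// below, i.e. the span that Sanitize replaces. It tries, in order:
//
//  1. a closed single- or double-quoted literal (backslash escapes skipped,
//     embedded whitespace allowed), extended over any characters glued to
//     the closing quote;
//  2. the legacy token: an optional quote, a run of characters containing
//     neither whitespace nor '"', and an optional closing quote.
//
// The first form exists because the legacy token stops at the first
// whitespace character, so a quoted password such as 'my secret' was only
// redacted up to "'my" and the remainder stayed in the output. The second
// form is kept as a fallback for unterminated or unquoted tokens.
const sanitizePasswordToken = `(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")[^\s"]*["']?|["']?[^\s"]+["']?`

var (
	// sanitizeSetPassword matches the password token of a SET PASSWORD
	// statement. Whitespace after '=' is optional so that a statement
	// written as `... ="admin"='secret'` style (no space after '=') is
	// redacted as well.
	sanitizeSetPassword = regexp.MustCompile(`(?i)password\s+for[^=]*=\s*(` + sanitizePasswordToken + `)`)

	// sanitizeCreatePassword matches the password token of a
	// CREATE USER ... WITH PASSWORD statement.
	// NOTE(review): whitespace between PASSWORD and the token is still
	// required here; confirm whether the parser accepts the token without it.
	sanitizeCreatePassword = regexp.MustCompile(`(?i)with\s+password\s+(` + sanitizePasswordToken + `)`)
)

// Sanitize attempts to sanitize passwords out of a raw query.
// It looks for patterns that may be related to the SET PASSWORD and CREATE USER
// statements and will redact the password that should be there. It will attempt
// to redact information from common invalid queries too, but it's not guaranteed
// to succeed on improper queries.
//
// This function works on the raw query and attempts to retain the original input
// as much as possible.
//
// Redaction is pattern-based and best-effort: the query is not parsed, so the
// result should not be treated as guaranteed free of credentials. Callers that
// write queries to logs should keep access to those logs restricted as well.
func Sanitize(query string) string {
	// The second pass runs on the output of the first, as before.
	query = sanitizeRedactGroup(sanitizeSetPassword, query)
	return sanitizeRedactGroup(sanitizeCreatePassword, query)
}

// sanitizeRedactGroup returns query with capture group 1 of every match of re
// replaced by "[REDACTED]". Text outside the group is copied unchanged, and
// query is returned as-is when re does not match.
func sanitizeRedactGroup(re *regexp.Regexp, query string) string {
	matches := re.FindAllStringSubmatchIndex(query, -1)
	if matches == nil {
		return query
	}

	var buf bytes.Buffer
	last := 0
	for _, m := range matches {
		// m[2] and m[3] are the start and end offsets of group 1.
		buf.WriteString(query[last:m[2]])
		buf.WriteString("[REDACTED]")
		last = m[3]
	}
	buf.WriteString(query[last:])
	return buf.String()
}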