From 4c77a5e2e8a12021fbb789cb7acac6a1054de288 Mon Sep 17 00:00:00 2001 From: Andrii Sultanov Date: Mon, 22 Jul 2024 09:45:09 +0100 Subject: [PATCH 1/2] IH-662: Add tests for Helpers.filter_args Signed-off-by: Andrii Sultanov --- ocaml/tests/dune | 8 +++--- ocaml/tests/test_xapi_helpers.ml | 45 ++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 ocaml/tests/test_xapi_helpers.ml diff --git a/ocaml/tests/dune b/ocaml/tests/dune index d48056d3b70..831cc02ff87 100644 --- a/ocaml/tests/dune +++ b/ocaml/tests/dune @@ -6,7 +6,7 @@ (:standard \ test_daemon_manager test_vdi_cbt test_event test_clustering test_cluster_host test_cluster test_pusb test_network_sriov test_vm_placement test_vm_helpers test_repository test_repository_helpers - test_ref + test_ref test_xapi_helpers test_livepatch test_rpm test_updateinfo test_storage_smapiv1_wrapper test_storage_quicktest test_observer test_pool_periodic_update_sync test_pkg_mgr)) (libraries @@ -61,13 +61,15 @@ (tests (names test_vm_helpers test_vm_placement test_network_sriov test_vdi_cbt test_clustering test_pusb test_daemon_manager test_repository test_repository_helpers - test_livepatch test_rpm test_updateinfo test_pool_periodic_update_sync test_pkg_mgr) + test_livepatch test_rpm test_updateinfo test_pool_periodic_update_sync test_pkg_mgr + test_xapi_helpers) (package xapi) (modes exe) (modules test_vm_helpers test_vm_placement test_network_sriov test_vdi_cbt test_event test_clustering test_cluster_host test_cluster test_pusb test_daemon_manager test_repository test_repository_helpers test_livepatch test_rpm - test_updateinfo test_pool_periodic_update_sync test_pkg_mgr) + test_updateinfo test_pool_periodic_update_sync test_pkg_mgr + test_xapi_helpers) (libraries alcotest fmt diff --git a/ocaml/tests/test_xapi_helpers.ml b/ocaml/tests/test_xapi_helpers.ml new file mode 100644 index 00000000000..172e5c6e6a1 --- /dev/null +++ b/ocaml/tests/test_xapi_helpers.ml @@ -0,0 +1,45 @@ +(* + * Copyright (C) Cloud Software Group, Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published + * by the Free Software Foundation; version 2.1 only. with the special + * exception on linking described in file LICENSE. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + *) + +let strings = + [ + ("foobar", "foobar") + ; ("foobarproxy_username=password", "foobarproxy_username=(filtered)") + ; ("barfooproxy_password=secret", "barfooproxy_password=(filtered)") + ; ("password", "password") + ; ("username=password", "username=password") + ; ("password=password", "password=password") + ; ("proxy_username=", "proxy_username=(filtered)") + ] + +let filtering_test = + List.map + (fun (input, expected) -> + let test_filtering () = + let filtered = + match Helpers.filter_args [input] with x :: _ -> x | _ -> "" + in + Printf.printf "%s\n" input ; + Alcotest.(check string) "secrets must be filtered out" expected filtered + in + ( Printf.sprintf {|Validation of argument filtering of "%s"|} input + , `Quick + , test_filtering + ) + ) + strings + +let () = + Suite_init.harness_init () ; + Alcotest.run "Test XAPI Helpers suite" [("Test_xapi_helpers", filtering_test)] From c148dbd1a7fa6201753ddd91318d2657da9afa7d Mon Sep 17 00:00:00 2001 From: Andrii Sultanov Date: Mon, 22 Jul 2024 09:51:34 +0100 Subject: [PATCH 2/2] IH-662 - helpers.ml: Move to a threadsafe Re.Pcre instead of Re.Str Signed-off-by: Andrii Sultanov --- ocaml/xapi/helpers.ml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/ocaml/xapi/helpers.ml b/ocaml/xapi/helpers.ml index 4d3cb36ebdd..e782bec8991 100644 --- a/ocaml/xapi/helpers.ml +++ b/ocaml/xapi/helpers.ml @@ -42,21 +42,15 @@ let log_exn_continue msg f x = type log_output = Always | Never | On_failure let filter_patterns = - [ - ( Re.Str.regexp "^\\(.*proxy_\\(username\\|password\\)=\\)\\(.*\\)$" - , "\\1(filtered)" - ) - ] + [(Re.Pcre.regexp "^(.*proxy_(username|password)=)(.*)$", "(filtered)")] let filter_args args = List.map (fun arg -> List.fold_left (fun acc (r, t) -> - if Re.Str.string_match r acc 0 then - Re.Str.replace_matched t acc - else - acc + try String.concat "" [(Re.Pcre.extract ~rex:r acc).(1); t] + with Not_found -> acc ) arg filter_patterns )