diff --git a/ocaml/tests/dune b/ocaml/tests/dune index 7cc177ba586..0b3c93ed3ca 100644 --- a/ocaml/tests/dune +++ b/ocaml/tests/dune @@ -7,7 +7,7 @@ test_cluster_host test_cluster test_pusb test_network_sriov test_client test_valid_ref_list suite_alcotest_server test_vm_placement test_vm_helpers test_repository test_repository_helpers - test_ref test_vm_group + test_ref test_xapi_helpers test_vm_group test_livepatch test_rpm test_updateinfo test_storage_smapiv1_wrapper test_storage_quicktest test_observer test_pool_periodic_update_sync test_pkg_mgr)) (libraries @@ -79,13 +79,15 @@ (tests (names test_vm_helpers test_vm_placement test_network_sriov test_vdi_cbt test_clustering test_pusb test_daemon_manager test_repository test_repository_helpers - test_livepatch test_rpm test_updateinfo test_pool_periodic_update_sync test_pkg_mgr) + test_livepatch test_rpm test_updateinfo test_pool_periodic_update_sync test_pkg_mgr + test_xapi_helpers) (package xapi) (modes exe) (modules test_vm_helpers test_vm_placement test_network_sriov test_vdi_cbt test_event test_clustering test_cluster_host test_cluster test_pusb test_daemon_manager test_repository test_repository_helpers test_livepatch test_rpm - test_updateinfo test_pool_periodic_update_sync test_pkg_mgr) + test_updateinfo test_pool_periodic_update_sync test_pkg_mgr + test_xapi_helpers) (libraries alcotest fmt diff --git a/ocaml/tests/test_xapi_helpers.ml b/ocaml/tests/test_xapi_helpers.ml new file mode 100644 index 00000000000..172e5c6e6a1 --- /dev/null +++ b/ocaml/tests/test_xapi_helpers.ml @@ -0,0 +1,45 @@ +(* + * Copyright (C) Cloud Software Group, Inc + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published + * by the Free Software Foundation; version 2.1 only. with the special + * exception on linking described in file LICENSE. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + *) + +let strings = + [ + ("foobar", "foobar") + ; ("foobarproxy_username=password", "foobarproxy_username=(filtered)") + ; ("barfooproxy_password=secret", "barfooproxy_password=(filtered)") + ; ("password", "password") + ; ("username=password", "username=password") + ; ("password=password", "password=password") + ; ("proxy_username=", "proxy_username=(filtered)") + ] + +let filtering_test = + List.map + (fun (input, expected) -> + let test_filtering () = + let filtered = + match Helpers.filter_args [input] with x :: _ -> x | _ -> "" + in + Printf.printf "%s\n" input ; + Alcotest.(check string) "secrets must be filtered out" expected filtered + in + ( Printf.sprintf {|Validation of argument filtering of "%s"|} input + , `Quick + , test_filtering + ) + ) + strings + +let () = + Suite_init.harness_init () ; + Alcotest.run "Test XAPI Helpers suite" [("Test_xapi_helpers", filtering_test)] diff --git a/ocaml/xapi/helpers.ml b/ocaml/xapi/helpers.ml index 4d3cb36ebdd..e782bec8991 100644 --- a/ocaml/xapi/helpers.ml +++ b/ocaml/xapi/helpers.ml @@ -42,21 +42,15 @@ let log_exn_continue msg f x = type log_output = Always | Never | On_failure let filter_patterns = - [ - ( Re.Str.regexp "^\\(.*proxy_\\(username\\|password\\)=\\)\\(.*\\)$" - , "\\1(filtered)" - ) - ] + [(Re.Pcre.regexp "^(.*proxy_(username|password)=)(.*)$", "(filtered)")] let filter_args args = List.map (fun arg -> List.fold_left (fun acc (r, t) -> - if Re.Str.string_match r acc 0 then - Re.Str.replace_matched t acc - else - acc + try String.concat "" [(Re.Pcre.extract ~rex:r acc).(1); t] + with Not_found -> acc ) arg filter_patterns )