#1104 Filter all sensitive command aliases in console filters
This commit is contained in:
ljacqu
parent
18d8186804
commit
922101d755
@ -1,17 +1,21 @@
|
|||||||
package fr.xephi.authme.output;
|
package fr.xephi.authme.output;
|
||||||
|
|
||||||
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
import fr.xephi.authme.util.StringUtils;
|
import fr.xephi.authme.util.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Service class for the log filters.
|
* Service class for the log filters.
|
||||||
*/
|
*/
|
||||||
public final class LogFilterHelper {
|
final class LogFilterHelper {
|
||||||
|
|
||||||
private static final String ISSUED_COMMAND_TEXT = "issued server command:";
|
private static final String ISSUED_COMMAND_TEXT = "issued server command:";
|
||||||
|
|
||||||
private static final String[] COMMANDS_TO_SKIP = {"/login ", "/l ", "/reg ", "/changepassword ",
|
@VisibleForTesting
|
||||||
"/unregister ", "/authme register ", "/authme changepassword ", "/authme reg ", "/authme cp ",
|
static final String[] COMMANDS_TO_SKIP = {
|
||||||
"/register "};
|
"/login ", "/l ", "/log ", "/register ", "/reg ", "/unregister ", "/unreg ",
|
||||||
|
"/changepassword ", "/cp ", "/changepass ", "/authme register ", "/authme reg ", "/authme r ",
|
||||||
|
"/authme changepassword ", "/authme password ", "/authme changepass ", "/authme cp "
|
||||||
|
};
|
||||||
|
|
||||||
private LogFilterHelper() {
|
private LogFilterHelper() {
|
||||||
// Util class
|
// Util class
|
||||||
@ -24,7 +28,7 @@ public final class LogFilterHelper {
|
|||||||
*
|
*
|
||||||
* @return True if it is a sensitive AuthMe command, false otherwise
|
* @return True if it is a sensitive AuthMe command, false otherwise
|
||||||
*/
|
*/
|
||||||
public static boolean isSensitiveAuthMeCommand(String message) {
|
static boolean isSensitiveAuthMeCommand(String message) {
|
||||||
if (message == null) {
|
if (message == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,80 @@
|
|||||||
|
package fr.xephi.authme.output;
|
||||||
|
|
||||||
|
import com.google.common.base.Preconditions;
|
||||||
|
import fr.xephi.authme.command.CommandDescription;
|
||||||
|
import fr.xephi.authme.command.CommandInitializer;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||||
|
import static org.junit.Assert.assertThat;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test for {@link LogFilterHelper}.
|
||||||
|
*/
|
||||||
|
public class LogFilterHelperTest {
|
||||||
|
|
||||||
|
private static final List<CommandDescription> ALL_COMMANDS = new CommandInitializer().getCommands();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks that {@link LogFilterHelper#COMMANDS_TO_SKIP} contains the entries we expect
|
||||||
|
* (commands with password argument).
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void shouldBlacklistAllSensitiveCommands() {
|
||||||
|
// given
|
||||||
|
List<CommandDescription> sensitiveCommands = Arrays.asList(
|
||||||
|
getCommand("register"), getCommand("login"), getCommand("changepassword"), getCommand("unregister"),
|
||||||
|
getCommand("authme", "register"), getCommand("authme", "changepassword")
|
||||||
|
);
|
||||||
|
// Build array with entries like "/register ", "/authme cp ", "/authme changepass "
|
||||||
|
String[] expectedEntries = sensitiveCommands.stream()
|
||||||
|
.map(cmd -> buildCommandSyntaxes(cmd))
|
||||||
|
.flatMap(List::stream)
|
||||||
|
.map(syntax -> syntax + " ")
|
||||||
|
.toArray(String[]::new);
|
||||||
|
|
||||||
|
// when / then
|
||||||
|
assertThat(Arrays.asList("test", "toast"), containsInAnyOrder("toast", "test"));
|
||||||
|
assertThat(Arrays.asList(LogFilterHelper.COMMANDS_TO_SKIP), containsInAnyOrder(expectedEntries));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private static CommandDescription getCommand(String label) {
|
||||||
|
return findCommandWithLabel(label, ALL_COMMANDS);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static CommandDescription getCommand(String parentLabel, String childLabel) {
|
||||||
|
CommandDescription parent = getCommand(parentLabel);
|
||||||
|
return findCommandWithLabel(childLabel, parent.getChildren());
|
||||||
|
}
|
||||||
|
|
||||||
|
private static CommandDescription findCommandWithLabel(String label, List<CommandDescription> commands) {
|
||||||
|
return commands.stream()
|
||||||
|
.filter(cmd -> cmd.getLabels().contains(label))
|
||||||
|
.findFirst().orElseThrow(() -> new IllegalArgumentException(label));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns all "command syntaxes" from which the given command can be reached.
|
||||||
|
* For example, the result might be a List containing "/authme changepassword", "/authme changepass"
|
||||||
|
* and "/authme cp".
|
||||||
|
*
|
||||||
|
* @param command the command to build syntaxes for
|
||||||
|
* @return command syntaxes
|
||||||
|
*/
|
||||||
|
private static List<String> buildCommandSyntaxes(CommandDescription command) {
|
||||||
|
// assumes that parent can only have one label -> if this fails in the future, we need to revise this method
|
||||||
|
Preconditions.checkArgument(command.getParent() == null || command.getParent().getLabels().size() == 1);
|
||||||
|
|
||||||
|
String prefix = command.getParent() == null
|
||||||
|
? "/"
|
||||||
|
: "/" + command.getParent().getLabels().get(0) + " ";
|
||||||
|
return command.getLabels().stream()
|
||||||
|
.map(label -> prefix + label)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user