[#154] Add debug logging for rejected attachment types & strip meta-info from mime-type (#155)

This commit is contained in:
Knut Ahlers 2023-11-23 10:36:36 +01:00 committed by GitHub
parent eb2bce3119
commit dc47bf0861
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 20 additions and 2 deletions

View File

@ -3,6 +3,7 @@ package main
import (
"fmt"
"github.com/Luzifer/ots/pkg/client"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
@ -28,5 +29,7 @@ func rootPersistentPreRunE(cmd *cobra.Command, _ []string) error {
}
logrus.SetLevel(ll)
client.Logger = logrus.NewEntry(logrus.StandardLogger())
return nil
}

View File

@ -1,6 +1,8 @@
package main
import "os"
import (
"os"
)
func main() {
if err := rootCmd.Execute(); err != nil {

View File

@ -17,6 +17,7 @@ import (
"time"
"github.com/Luzifer/go-openssl/v4"
"github.com/sirupsen/logrus"
)
type (
@ -41,6 +42,10 @@ var HTTPClient HTTPClientIntf = http.DefaultClient
// source code.
var KeyDerivationFunc = openssl.NewPBKDF2Generator(sha512.New, 300000) //nolint:gomnd // that's the definition
// Logger can be set to enable logging from the library. By default
// all log-messages will be discarded.
var Logger *logrus.Entry
// PasswordLength defines the length of the generated encryption password
var PasswordLength = 20
@ -54,6 +59,12 @@ var RequestTimeout = 5 * time.Second
// provide an URL to useful information about your tool.
var UserAgent = "ots-client/1.x +https://github.com/Luzifer/ots"
func init() {
l := logrus.New()
l.SetOutput(io.Discard)
Logger = logrus.NewEntry(l)
}
// Create serializes the secret and creates a new secret on the
// instance given by its URL.
//

View File

@ -72,11 +72,12 @@ func SanityCheck(instanceURL string, secret Secret) error {
}
func attachmentAllowed(file SecretAttachment, allowed []string) bool {
mimeType, _, _ := strings.Cut(file.Type, ";")
for _, a := range allowed {
switch {
case mimeRegex.MatchString(a):
// That's a mime type
if glob.Glob(a, file.Type) {
if glob.Glob(a, mimeType) {
// The mime "glob" matches the file type
return true
}
@ -90,6 +91,7 @@ func attachmentAllowed(file SecretAttachment, allowed []string) bool {
}
}
Logger.WithField("content-type", mimeType).Debug("attachment type not allowed")
return false
}