From 11d65d8435db4528121f03c1c858a3328cefd14a Mon Sep 17 00:00:00 2001
From: Nick Hale <4175918+njhale@users.noreply.github.com>
Date: Tue, 1 Aug 2023 11:03:32 -0400
Subject: [PATCH] Redact sensitive info before logging build messages

This prevents credential leakage when using higher log levels during builds.

Signed-off-by: Nick Hale <4175918+njhale@users.noreply.github.com>
---
 pkg/buildclient/messages.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/pkg/buildclient/messages.go b/pkg/buildclient/messages.go
index 04c79da0a..fa114aa9f 100644
--- a/pkg/buildclient/messages.go
+++ b/pkg/buildclient/messages.go
@@ -199,7 +199,7 @@ func (m *WebsocketMessages) run(ctx context.Context) error {
 if err := m.conn.ReadJSON(msg); err != nil {
 return err
 }
- logrus.Tracef("Read build message %s", msg)
+ logrus.Tracef("Read build message %s", redact(msg))
 if m.handler != nil {
 if err := m.handler(msg); err != nil {
 return err
@@ -229,8 +229,26 @@ func (m *WebsocketMessages) Recv() (<-chan *Message, func()) {
 }

 func (m *WebsocketMessages) Send(msg *Message) error {
- logrus.Tracef("Send build message %s", msg)
+ logrus.Tracef("Send build message %s", redact(msg))
 m.lock.Lock()
 defer m.lock.Unlock()
 return m.conn.WriteJSON(msg)
 }
+
+// redact returns a Message with all sensitive information redacted.
+// Use this to prep a Message for logging.
+func redact(msg *Message) *Message {
+ if msg == nil {
+ return nil
+ }
+
+ redacted := *msg
+ if redacted.RegistryAuth != nil {
+ redacted.RegistryAuth = &apiv1.RegistryAuth{
+ Username: "REDACTED",
+ Password: "REDACTED",
+ }
+ }
+
+ return &redacted
+}
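Review bot: `redact(msg)` in `run` is evaluated for every message read, even when trace logging is disabled, because the argument is built before `Tracef` checks the level; the `Send` call in the second hunk has the same cost. Each call copies the Message and, when RegistryAuth is set, allocates a placeholder struct. Guarding the log line with `if logrus.IsLevelEnabled(logrus.TraceLevel) { ... }` keeps the redaction work off the normal path. The body of `run` starts and ends outside this hunk.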
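Review bot: `redact` works as a deny-list: it replaces RegistryAuth and copies every other Message field through unchanged. A credential-bearing field added later would therefore reach the trace log again, as would one that already exists, since the Message definition is outside this hunk. A comment on the function such as `// NOTE: every Message field that can carry credentials must be cleared here; fields not listed are logged as-is.` would make that contract explicit. A unit test would pin it by asserting that the formatted output of `redact(msg)` contains no password and that `msg.RegistryAuth` is left unmodified. Building a fresh `apiv1.RegistryAuth` instead of editing the copied struct is the right choice, because the shallow copy still shares the original pointer.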