BUG - Add apiKey sanitization from logs #662

Open
3 tasks
rtisma opened this issue Aug 4, 2020 · 0 comments
Assignees
Labels
bug Something isn't working

Comments

rtisma (Contributor) commented Aug 4, 2020

Problem

When the following steps are performed:

  1. Dump the valid secrets into a yaml file: `k get secret song -o yaml > song-secret.yaml`
  2. Extract the `score-accessToken` secret and decode it: `echo <encoded-secret> | tr -d '\n' | base64 -d`
  3. Base64 encode the secret WITHOUT stripping the newline: `echo <decoded-secret> | base64`
  4. Replace the `score-accessToken` field with the previous result and save the file
  5. Apply the new manifest: `k apply -f song-secret.yaml`
  6. Publish any analysis with your valid user apiKey obtained from the platform, using the song-client

An error occurs as follows:

`SONG_SERVER_ERROR[unknown.error @ 1596207025550]: Request processing failed; nested exception is java.lang.IllegalArgumentException: Illegal character(s) in message header value: Bearer <decoded-secret>`

Essentially, since the score accessToken had a newline at the end, it went down an unaccounted-for spring-framework execution pathway, in which the exception message CONTAINS the secret. This is not good, as it can expose secrets in logs.

In addition, song only intercepts exceptions of type ServerException. It should be intercepting all exceptions.

Solution

  • For a request containing a bearer token, ensure it's trimmed (i.e. no whitespace). A simple GenericFilter could do this.
  • In ServerExceptionHandler add a new handler for Throwable exceptions which masks tokens from the exception message.
  • For all responses that contain a body and have a request containing a bearer token, ensure the token is masked from the output. This can be done more globally, by adding a GenericFilter, which will modify ANY response. This is a safety net.

In this context, masking means taking the access token/apiKey and md5suming it and replacing it in the message.

@rtisma rtisma added the bug Something isn't working label Aug 4, 2020
@rtisma rtisma self-assigned this Aug 4, 2020
@rtisma rtisma added this to the [FUTURE] Canarie - Sprint 3 milestone Aug 4, 2020
@gokul472 gokul472 removed this from the [FUTURE] Canarie - Sprint 3 milestone Aug 6, 2020
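The first two bullets of the proposed solution, written out as an added example that is not SONG's own code and is not taken from this issue: a `GenericFilter` that rewrites a whitespace-padded `Authorization` header before any downstream code sees it, and a catch-all `@ExceptionHandler(Throwable.class)` that replaces every known token in the exception message with its md5 hex digest, the masking scheme the issue describes. The class names `TokenMasker`, `BearerTokenTrimFilter` and `MaskingExceptionHandler` are hypothetical, and the code assumes Spring Boot 2 on a Servlet 4.0 container (`javax.servlet.GenericFilter`). It goes one step beyond the issue in that `mask` accepts several tokens, so a secret the server itself holds (like the score access token in the reproduction above, which is not the caller's apiKey) can be registered alongside the request's bearer token.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.GenericFilter;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

/** Hypothetical helper (not SONG code): masks tokens by replacing them with md5(token). */
final class TokenMasker {
  private static final String AUTH_HEADER = "Authorization";
  private static final String BEARER = "Bearer ";

  static String md5Hex(String value) {
    try {
      byte[] digest = MessageDigest.getInstance("MD5").digest(value.getBytes(StandardCharsets.UTF_8));
      return String.format("%032x", new BigInteger(1, digest));
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException("MD5 is a mandatory JCA algorithm", e);
    }
  }

  /** Raw bearer token from the request (whitespace included), or null if there is none. */
  static String bearerToken(HttpServletRequest request) {
    String header = request.getHeader(AUTH_HEADER);
    if (header == null || !header.regionMatches(true, 0, BEARER, 0, BEARER.length())) {
      return null;
    }
    return header.substring(BEARER.length());
  }

  /** Replaces every occurrence of each token with its md5 hex digest. The trimmed token is
   *  what gets matched, so "abc\n" in a message is caught as well as "abc". */
  static String mask(String message, String... tokens) {
    if (message == null) return null;
    String result = message;
    for (String token : tokens) {
      if (token == null) continue;
      String trimmed = token.trim();
      if (!trimmed.isEmpty()) {
        result = result.replace(trimmed, md5Hex(trimmed));
      }
    }
    return result;
  }
}

/** Rewrites the Authorization header so the bearer token reaches the rest of the app trimmed. */
class BearerTokenTrimFilter extends GenericFilter {
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest http = (HttpServletRequest) request;
    String token = TokenMasker.bearerToken(http);
    if (token == null || token.equals(token.trim())) {
      chain.doFilter(request, response); // nothing to fix
      return;
    }
    String cleaned = "Bearer " + token.trim();
    chain.doFilter(new HttpServletRequestWrapper(http) {
      @Override
      public String getHeader(String name) {
        return "Authorization".equalsIgnoreCase(name) ? cleaned : super.getHeader(name);
      }
      @Override
      public Enumeration<String> getHeaders(String name) {
        return "Authorization".equalsIgnoreCase(name)
            ? Collections.enumeration(Collections.singletonList(cleaned))
            : super.getHeaders(name);
      }
    }, response);
  }
}

/** Catch-all handler: no exception message leaves the server (or reaches the log) with a raw token. */
@ControllerAdvice
class MaskingExceptionHandler {
  // Hypothetical: a server-held secret registered at startup, e.g. the score access token.
  private final String serverSideToken;

  MaskingExceptionHandler(String serverSideToken) {
    this.serverSideToken = serverSideToken;
  }

  @ExceptionHandler(Throwable.class)
  public ResponseEntity<String> handleThrowable(HttpServletRequest request, Throwable t) {
    String safe = TokenMasker.mask(String.valueOf(t.getMessage()),
        TokenMasker.bearerToken(request), serverSideToken);
    // Log `safe` and t.getStackTrace(); never hand `t` itself to the logger, since
    // Throwable.toString() re-emits the unmasked message.
    return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(safe);
  }
}
```

Two points worth checking when wiring this up. The filter must be registered ahead of Spring Security's filters, otherwise the untrimmed header is what gets authenticated and, in the failure path, what ends up in the message. And masking only the caller's bearer token is not enough for the reproduction in this issue: the leaked value there is the server's own `score-accessToken`, which never arrives in a request, so it has to be handed to the masker from configuration as shown with `serverSideToken`. The third bullet, masking response bodies in a filter, needs a response wrapper that buffers the body (for example Spring's `ContentCachingResponseWrapper`) and is left out here.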