cmd/tailscale: don't depend on regexp in minbox builds
Updates #12614 Updates #18562 Change-Id: Ife4f10c55d1d68569938ffd68ffe72eef889e200 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
committed by
Brad Fitzpatrick
Brad Fitzpatrick
parent
058cc3f82b
commit
0c5b17c1d3
@@ -6,6 +6,7 @@
|
|||||||
package cli
|
package cli
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
@@ -14,7 +15,6 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"regexp"
|
|
||||||
"runtime"
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
@@ -582,11 +582,32 @@ type sanitizeWriter struct {
|
|||||||
w io.Writer
|
w io.Writer
|
||||||
}
|
}
|
||||||
|
|
||||||
var rxTskey = regexp.MustCompile(`tskey-[\w-]+`)
|
// Write logically replaces /tskey-[A-Za-z0-9-]+/ with /tskey-XXXX.../ in buf
|
||||||
|
// before writing to the underlying writer.
|
||||||
|
//
|
||||||
|
// We avoid the "regexp" package to not bloat the minbox build, and without
|
||||||
|
// making this a featuretag-omittable protection.
|
||||||
func (w sanitizeWriter) Write(buf []byte) (int, error) {
|
func (w sanitizeWriter) Write(buf []byte) (int, error) {
|
||||||
sanitized := rxTskey.ReplaceAll(buf, []byte("tskey-REDACTED"))
|
const prefix = "tskey-"
|
||||||
diff := len(sanitized) - len(buf)
|
scrub := buf
|
||||||
n, err := w.w.Write(sanitized)
|
for {
|
||||||
return n - diff, err
|
i := bytes.Index(scrub, []byte(prefix))
|
||||||
|
if i == -1 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
scrub = scrub[i+len(prefix):]
|
||||||
|
|
||||||
|
for i, b := range scrub {
|
||||||
|
if (b >= 'a' && b <= 'z') ||
|
||||||
|
(b >= 'A' && b <= 'Z') ||
|
||||||
|
(b >= '0' && b <= '9') ||
|
||||||
|
b == '-' {
|
||||||
|
scrub[i] = 'X'
|
||||||
|
} else {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return w.w.Write(buf)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1804,8 +1804,8 @@ func TestSanitizeWriter(t *testing.T) {
|
|||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
w := sanitizeOutput(buf)
|
w := sanitizeOutput(buf)
|
||||||
|
|
||||||
in := []byte(`my auth key is tskey-auth-abc123-def456, what's yours?`)
|
in := []byte(`my auth key is tskey-auth-abc123-def456 and tskey-foo, what's yours?`)
|
||||||
want := []byte(`my auth key is tskey-REDACTED, what's yours?`)
|
want := []byte(`my auth key is tskey-XXXXXXXXXXXXXXXXXX and tskey-XXX, what's yours?`)
|
||||||
n, err := w.Write(in)
|
n, err := w.Write(in)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
|
|||||||
@@ -420,8 +420,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
|||||||
path from io/fs+
|
path from io/fs+
|
||||||
path/filepath from crypto/x509+
|
path/filepath from crypto/x509+
|
||||||
reflect from crypto/x509+
|
reflect from crypto/x509+
|
||||||
regexp from tailscale.com/cmd/tailscale/cli
|
|
||||||
regexp/syntax from regexp
|
|
||||||
runtime from crypto/internal/fips140+
|
runtime from crypto/internal/fips140+
|
||||||
runtime/debug from github.com/klauspost/compress/zstd+
|
runtime/debug from github.com/klauspost/compress/zstd+
|
||||||
slices from crypto/tls+
|
slices from crypto/tls+
|
||||||
|
|||||||
@@ -294,6 +294,7 @@ func TestMinTailscaledWithCLI(t *testing.T) {
|
|||||||
"tailscale.com/clientupdate/distsign": "unexpected distsign dep",
|
"tailscale.com/clientupdate/distsign": "unexpected distsign dep",
|
||||||
"archive/tar": "unexpected archive/tar dep",
|
"archive/tar": "unexpected archive/tar dep",
|
||||||
"tailscale.com/feature/conn25": "unexpected conn25 dep",
|
"tailscale.com/feature/conn25": "unexpected conn25 dep",
|
||||||
|
"regexp": "unexpected regexp dep; bloats binary",
|
||||||
},
|
},
|
||||||
}.Check(t)
|
}.Check(t)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user