Merge pull request #195 from xBlaz3kx/fix/redact-password

Fix: Redact password from URL

Author: wagslane

internal/connectionmanager/connection_manager.go

@@ -3,6 +3,7 @@ package connectionmanager
 import (
 	"errors"
 	"fmt"
+	"net/url"
 	"sync"
 	"time"
 
@@ -42,12 +43,17 @@ func dial(log logger.Logger, resolver Resolver, conf amqp.Config) (*amqp.Connect
 		if err == nil {
 			return conn, err
 		}
-		log.Warnf("failed to connect to amqp server %s: %v", url, err)
+		log.Warnf("failed to connect to amqp server %s: %v", maskPassword(url), err)
 		errs = append(errs, err)
 	}
 	return nil, errors.Join(errs...)
 }
 
+func maskPassword(urlToMask string) string {
+	parsedUrl, _ := url.Parse(urlToMask)
+	return parsedUrl.Redacted()
+}
+
 // NewConnectionManager creates a new connection manager
 func NewConnectionManager(resolver Resolver, conf amqp.Config, log logger.Logger, reconnectInterval time.Duration) (*ConnectionManager, error) {
 	conn, err := dial(log, resolver, amqp.Config(conf))

internal/connectionmanager/connection_manager_test.go

@@ -0,0 +1,40 @@
+package connectionmanager
+
+import "testing"
+
+func Test_maskUrl(t *testing.T) {
+	tests := []struct {
+		name     string
+		url      string
+		expected string
+	}{
+		{
+			name:     "No username or password",
+			url:      "amqp://localhost",
+			expected: "amqp://localhost",
+		},
+		{
+			name:     "With username and password",
+			url:      "amqp://user:password@localhost",
+			expected: "amqp://user:xxxxx@localhost",
+		},
+		{
+			name:     "With username and password and query params",
+			url:      "amqp://user:password@localhost?heartbeat=60",
+			expected: "amqp://user:xxxxx@localhost?heartbeat=60",
+		},
+		{
+			name:     "Invalid URL",
+			url:      "invalidUrl",
+			expected: "invalidUrl",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if maskPassword(tt.url) != tt.expected {
+				t.Errorf("masked password = %v, but wanted %v", maskPassword(tt.url), tt.expected)
+			}
+		})
+	}
+}