mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
913a5904c8
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #38536 This PR moves all logic to create new activities to activity bounded context. The old service and ActivityModule methods are not facades that route to the new activity bounded context. The facades will be removed in a subsequent PR. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added webhook support for activity events with configurable endpoint and enable/disable settings. * Enhanced automation-initiated activity creation without requiring a user context. * Improved activity service architecture with centralized creation and management. * **Improvements** * Refactored activity creation to use a dedicated service layer for better separation of concerns. * Added support for host-specific and automation-originated activities. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
50 lines
1.2 KiB
Go
50 lines
1.2 KiB
Go
package http
|
|
|
|
import (
|
|
"errors"
|
|
"net/url"
|
|
"strings"
|
|
)
|
|
|
|
// MaskSecretURLParams masks URL query values if the query param name includes "secret", "token",
|
|
// "key", "password". It accepts a raw string and returns a redacted string if the raw string is
|
|
// URL-parseable. If it is not URL-parseable, the raw string is returned unchanged.
|
|
func MaskSecretURLParams(rawURL string) string {
|
|
u, err := url.Parse(rawURL)
|
|
if err != nil {
|
|
return rawURL
|
|
}
|
|
|
|
keywords := []string{"secret", "token", "key", "password"}
|
|
containsKeyword := func(s string) bool {
|
|
s = strings.ToLower(s)
|
|
for _, kw := range keywords {
|
|
if strings.Contains(s, kw) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
q := u.Query()
|
|
for k := range q {
|
|
if containsKeyword(k) {
|
|
q[k] = []string{"MASKED"}
|
|
}
|
|
}
|
|
u.RawQuery = q.Encode()
|
|
|
|
return u.Redacted()
|
|
}
|
|
|
|
// MaskURLError checks if the provided error is a *url.Error. If so, it applies MaskSecretURLParams
|
|
// to the URL value and returns the modified error. If not, the error is returned unchanged.
|
|
func MaskURLError(e error) error {
|
|
var ue *url.Error
|
|
ok := errors.As(e, &ue)
|
|
if !ok {
|
|
return e
|
|
}
|
|
ue.URL = MaskSecretURLParams(ue.URL)
|
|
return ue
|
|
}
|