
Commit 308b762

authored
Merge pull request #1823 from mxinden/cut-v0.16.2
*: Cut v0.16.2
2 parents 571caec + fb32629 commit 308b762


6 files changed

+286
-27
lines changed


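--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 0.16.2 / 2019-04-03
+
+Updating to v0.16.2 is recommended for all users using the Slack, Pagerduty,
+Hipchat, Wechat, VictorOps and Pushover notifier, as connection errors could
+leak secrets embedded in the notifier's URL to stdout.
+
+* [BUGFIX] Redact notifier URL from logs to not leak secrets embedded in the URL (#1822, #1825)
+* [BUGFIX] Allow sending of unauthenticated SMTP requests when `smtp_auth_username` is not supplied (#1739)
+
 ## 0.16.1 / 2019-01-31
 
 * [BUGFIX] Do not populate cluster info if clustering is disabled in API v2 (#1726)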

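--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ PRECHECK_OPTIONS_bzr = version
 build-all: assets apiv2 build
 
 assets: ui/app/script.js ui/app/index.html ui/app/lib template/default.tmpl
-cd $(PREFIX)/asset && $(GO) generate
+GO111MODULE=$(GO111MODULE) $(GO) generate ./asset
 @$(GOFMT) -w ./asset
 
 ui/app/script.js: $(shell find ui/app/src -iname *.elm) api/v2/openapi.yaml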

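--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.16.1
+0.16.2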

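--- a/notify/impl.go
+++ b/notify/impl.go
@@ -221,6 +221,13 @@ func NewEmail(c *config.EmailConfig, t *template.Template, l log.Logger) *Email
 // auth resolves a string of authentication mechanisms.
 func (n *Email) auth(mechs string) (smtp.Auth, error) {
 username := n.conf.AuthUsername
+
+// If no username is set, keep going without authentication.
+if n.conf.AuthUsername == "" {
+level.Debug(n.logger).Log("msg", "smtp_auth_username is not configured. Attempting to send email without authenticating")
+return nil, nil
+}
+
 err := &types.MultiError{}
 for _, mech := range strings.Split(mechs, " ") {
 switch mech {
@@ -464,11 +471,16 @@ type PagerDuty struct {
 conf *config.PagerdutyConfig
 tmpl *template.Template
 logger log.Logger
+apiV1 string // for tests.
 }
 
 // NewPagerDuty returns a new PagerDuty notifier.
 func NewPagerDuty(c *config.PagerdutyConfig, t *template.Template, l log.Logger) *PagerDuty {
-return &PagerDuty{conf: c, tmpl: t, logger: l}
+n := &PagerDuty{conf: c, tmpl: t, logger: l}
+if c.ServiceKey != "" {
+n.apiV1 = "https://events.pagerduty.com/generic/2010-04-15/create_event.json"
+}
+return n
 }
 
 const (
@@ -533,12 +545,6 @@ func (n *PagerDuty) notifyV1(
 Details: details,
 }
 
-apiURL, err := url.Parse("https://events.pagerduty.com/generic/2010-04-15/create_event.json")
-if err != nil {
-return false, err
-}
-n.conf.URL = &config.URL{apiURL}
-
 if eventType == pagerDutyEventTrigger {
 msg.Client = tmpl(n.conf.Client)
 msg.ClientURL = tmpl(n.conf.ClientURL)
@@ -553,7 +559,7 @@ func (n *PagerDuty) notifyV1(
 return false, err
 }
 
-resp, err := post(ctx, c, n.conf.URL.String(), contentTypeJSON, &buf)
+resp, err := post(ctx, c, n.apiV1, contentTypeJSON, &buf)
 if err != nil {
 return true, err
 }
@@ -664,7 +670,7 @@ func (n *PagerDuty) Notify(ctx context.Context, as ...*types.Alert) (bool, error
 return false, err
 }
 
-if n.conf.ServiceKey != "" {
+if n.apiV1 != "" {
 return n.notifyV1(ctx, c, eventType, key, data, details, as...)
 }
 return n.notifyV2(ctx, c, eventType, key, data, details, as...)
@@ -838,9 +844,10 @@ func (n *Slack) Notify(ctx context.Context, as ...*types.Alert) (bool, error) {
 return false, err
 }
 
-resp, err := post(ctx, c, n.conf.APIURL.String(), contentTypeJSON, &buf)
+u := n.conf.APIURL.String()
+resp, err := post(ctx, c, u, contentTypeJSON, &buf)
 if err != nil {
-return true, err
+return true, redactURL(err)
 }
 resp.Body.Close()
 
@@ -927,7 +934,7 @@ func (n *Hipchat) Notify(ctx context.Context, as ...*types.Alert) (bool, error)
 
 resp, err := post(ctx, c, apiURL.String(), contentTypeJSON, &buf)
 if err != nil {
-return true, err
+return true, redactURL(err)
 }
 
 defer resp.Body.Close()
@@ -1028,7 +1035,7 @@ func (n *Wechat) Notify(ctx context.Context, as ...*types.Alert) (bool, error) {
 
 resp, err := c.Do(req.WithContext(ctx))
 if err != nil {
-return true, err
+return true, redactURL(err)
 }
 defer resp.Body.Close()
 
@@ -1079,7 +1086,7 @@ func (n *Wechat) Notify(ctx context.Context, as ...*types.Alert) (bool, error) {
 
 resp, err := c.Do(req.WithContext(ctx))
 if err != nil {
-return true, err
+return true, redactURL(err)
 }
 defer resp.Body.Close()
 
@@ -1308,7 +1315,7 @@ func (n *VictorOps) Notify(ctx context.Context, as ...*types.Alert) (bool, error
 
 resp, err := post(ctx, c, apiURL.String(), contentTypeJSON, buf)
 if err != nil {
-return true, err
+return true, redactURL(err)
 }
 
 defer resp.Body.Close()
@@ -1396,11 +1403,12 @@ type Pushover struct {
 conf *config.PushoverConfig
 tmpl *template.Template
 logger log.Logger
+apiURL string // for tests.
 }
 
 // NewPushover returns a new Pushover notifier.
 func NewPushover(c *config.PushoverConfig, t *template.Template, l log.Logger) *Pushover {
-return &Pushover{conf: c, tmpl: t, logger: l}
+return &Pushover{conf: c, tmpl: t, logger: l, apiURL: "https://api.pushover.net/1/messages.json"}
 }
 
 // Notify implements the Notifier interface.
@@ -1465,13 +1473,13 @@ func (n *Pushover) Notify(ctx context.Context, as ...*types.Alert) (bool, error)
 return false, err
 }
 
-apiURL := "https://api.pushover.net/1/messages.json"
-u, err := url.Parse(apiURL)
+u, err := url.Parse(n.apiURL)
 if err != nil {
 return false, err
 }
 u.RawQuery = parameters.Encode()
-level.Debug(n.logger).Log("msg", "Sending Pushover message", "incident", key, "url", u.String())
+// Don't log the URL as it contains secret data (see #1825).
+level.Debug(n.logger).Log("msg", "Sending Pushover message", "incident", key)
 
 c, err := commoncfg.NewClientFromConfig(*n.conf.HTTPConfig, "pushover")
 if err != nil {
@@ -1480,7 +1488,7 @@ func (n *Pushover) Notify(ctx context.Context, as ...*types.Alert) (bool, error)
 
 resp, err := post(ctx, c, u.String(), "text/plain", nil)
 if err != nil {
-return true, err
+return true, redactURL(err)
 }
 defer resp.Body.Close()
 
@@ -1559,6 +1567,16 @@ func hashKey(s string) string {
 return fmt.Sprintf("%x", h.Sum(nil))
 }
 
+// redactURL removes the URL part from an error of *url.Error type.
+func redactURL(err error) error {
+e, ok := err.(*url.Error)
+if !ok {
+return err
+}
+e.URL = "<redacted>"
+return e
+}
+
 func post(ctx context.Context, client *http.Client, url string, bodyType string, body io.Reader) (*http.Response, error) {
 req, err := http.NewRequest("POST", url, body)
 if err != nil {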
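Review bot: Redaction through `redactURL` (last hunk) is opt-in per call site and matches only when the outermost error is a `*url.Error`, so a sender that is missed, or an error that gets wrapped before it reaches the helper, will still carry the full URL into the logs. In this section the `post` error path in `notifyV1` still does `return true, err`; that is safe only while `n.apiV1` remains a constant URL without credentials. Applying the redaction once inside `post`, whose body begins at the end of the last hunk and continues outside it, would protect every caller by default and leave only the two direct `c.Do` calls in `Wechat.Notify` to wrap by hand. I would also extend the doc comment to record the helper's limits: `// redactURL mutates err in place and only inspects the outermost error; call it before any wrapping.`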
