From 7847400f3a9e3fd5efd78429cbb668ef380cceff Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Tue, 16 Jan 2024 21:02:22 +0800 Subject: [PATCH] fix: don't mutate log variable outside closure --- internal/sshportalapi/sshportal.go | 2 +- internal/sshserver/authhandler.go | 4 +--- internal/sshserver/sessionhandler.go | 4 +--- internal/sshtoken/authhandler.go | 3 +-- internal/sshtoken/sessionhandler.go | 2 +- 5 files changed, 5 insertions(+), 10 deletions(-) diff --git a/internal/sshportalapi/sshportal.go b/internal/sshportalapi/sshportal.go index 3bc9368e..fb0f9705 100644 --- a/internal/sshportalapi/sshportal.go +++ b/internal/sshportalapi/sshportal.go @@ -54,7 +54,7 @@ func sshportal(ctx context.Context, log *slog.Logger, c *nats.EncodedConn, ctx, span := otel.Tracer(pkgName).Start(ctx, SubjectSSHAccessQuery) defer span.End() requestsCounter.Inc() - log = log.With(slog.Any("query", query)) + log := log.With(slog.Any("query", query)) // sanity check the query if query.SSHFingerprint == "" || query.NamespaceName == "" { log.Warn("malformed sshportal query") diff --git a/internal/sshserver/authhandler.go b/internal/sshserver/authhandler.go index 49829b0f..99b0632f 100644 --- a/internal/sshserver/authhandler.go +++ b/internal/sshserver/authhandler.go @@ -44,9 +44,7 @@ func pubKeyAuth(log *slog.Logger, nc *nats.EncodedConn, c *k8s.Client) ssh.PublicKeyHandler { return func(ctx ssh.Context, key ssh.PublicKey) bool { authAttemptsTotal.Inc() - log = log.With( - slog.String("sessionID", ctx.SessionID()), - ) + log := log.With(slog.String("sessionID", ctx.SessionID())) // parse SSH public key pubKey, err := gossh.ParsePublicKey(key.Marshal()) if err != nil { diff --git a/internal/sshserver/sessionhandler.go b/internal/sshserver/sessionhandler.go index bfe2ad64..0effdb2e 100644 --- a/internal/sshserver/sessionhandler.go +++ b/internal/sshserver/sessionhandler.go @@ -51,9 +51,7 @@ func sessionHandler(log *slog.Logger, c *k8s.Client, return func(s ssh.Session) { sessionTotal.Inc() ctx := s.Context() - log = log.With( - slog.String("sessionID", ctx.SessionID()), - ) + log := log.With(slog.String("sessionID", ctx.SessionID())) log.Debug("starting session", slog.Any("rawCommand", s.Command()), slog.String("subsystem", s.Subsystem()), diff --git a/internal/sshtoken/authhandler.go b/internal/sshtoken/authhandler.go index 4613ed89..a7258d28 100644 --- a/internal/sshtoken/authhandler.go +++ b/internal/sshtoken/authhandler.go @@ -33,7 +33,7 @@ var ( func pubKeyAuth(log *slog.Logger, ldb LagoonDBService) ssh.PublicKeyHandler { return func(ctx ssh.Context, key ssh.PublicKey) bool { authnAttemptsTotal.Inc() - log = log.With(slog.String("sessionID", ctx.SessionID())) + log := log.With(slog.String("sessionID", ctx.SessionID())) // parse SSH public key pubKey, err := gossh.ParsePublicKey(key.Marshal()) if err != nil { @@ -59,7 +59,6 @@ func pubKeyAuth(log *slog.Logger, ldb LagoonDBService) ssh.PublicKeyHandler { authnSuccessTotal.Inc() ctx.SetValue(userUUID, user.UUID) log.Info("authentication successful", - slog.String("fingerprint", fingerprint), slog.String("userID", user.UUID.String())) return true } diff --git a/internal/sshtoken/sessionhandler.go b/internal/sshtoken/sessionhandler.go index 3143903e..227ddedf 100644 --- a/internal/sshtoken/sessionhandler.go +++ b/internal/sshtoken/sessionhandler.go @@ -245,7 +245,7 @@ func sessionHandler(log *slog.Logger, p *rbac.Permission, sessionTotal.Inc() // extract required info from the session context ctx := s.Context() - log = log.With(slog.String("sessionID", ctx.SessionID())) + log := log.With(slog.String("sessionID", ctx.SessionID())) uid, ok := ctx.Value(userUUID).(*uuid.UUID) if !ok { log.Warn("couldn't get user UUID from context")