From 3906efa8d59de31d050631a1c30ffd369bc7ce23 Mon Sep 17 00:00:00 2001 From: eternal-flame-AD Date: Sun, 17 Nov 2024 12:56:05 -0600 Subject: [PATCH] more path sanitization Signed-off-by: eternal-flame-AD --- packages/backend/src/misc/log-sanitization.ts | 42 ++++++++++++++++--- 1 file changed, 36 insertions(+), 6 deletions(-) diff --git a/packages/backend/src/misc/log-sanitization.ts b/packages/backend/src/misc/log-sanitization.ts index 201de59528..0010a95cf4 100644 --- a/packages/backend/src/misc/log-sanitization.ts +++ b/packages/backend/src/misc/log-sanitization.ts @@ -18,6 +18,42 @@ export function sanitizeRequestURI(uri: string): string { return '[embed_vite]'; } + if (uri.startsWith('/emoji/')) { + return '/emoji/[emoji]'; + } + + if (uri.startsWith('/identicon/')) { + return '/identicon/[identicon]'; + } + + if (uri.startsWith('/tags/')) { + return '/tags/[tag]'; + } + + if (uri.startsWith('/user-tags/')) { + return '/user-tags/[tag]'; + } + + if (uri.startsWith('/page/')) { + return '/page/[page]'; + } + + if (uri.startsWith('/fluent-emoji/')) { + return '/fluent-emoji/[fluent-emoji]'; + } + + if (uri.startsWith('/twemoji/')) { + return '/twemoji/[twemoji]'; + } + + if (uri.startsWith('/twemoji-badge/')) { + return '/twemoji-badge/[twemoji-badge]'; + } + + if (!uri.startsWith('/api/')) { + return '[other]'; + } + const uuid = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/g; const username_local = /\/@\w+(\/|$)/; const username_remote = /\/@\w+@[a-zA-Z0-9-.]+\.[a-zA-Z]{2,4}(\/|$)/; @@ -26,12 +62,6 @@ export function sanitizeRequestURI(uri: string): string { const aid = new RegExp(`/${aidRegExp.source.replace(/^\^/, '').replace(/\$$/, '')}(\/|$)`, 'g'); return uri - .replace(/\/tags\/[^/]+/g, '/tags/[tag]') - .replace(/\/user-tags\/[^/]+/g, '/user-tags/[tag]') - .replace(/\/page\/[\w-]+/g, '/page/[page]') - .replace(/\/fluent-emoji\/[^/]+/g, '/fluent-emoji/[fluent-emoji]') - .replace(/\/twemoji\/[^/]+/g, '/twemoji/[twemoji]') - .replace(/\/twemoji-badge\/[^/]+/g, '/twemoji-badge/[twemoji-badge]') .replace(aidx, '/[aidx]/') .replace(aid, '/[aid]/') .replace(token, '=[token]') -- 2.45.2