sourcegraph/internal
Aditya Kalia 329d3b1fc9
update url redaction logic for cloud vs dotcom (#57384)
* remove redaction from cookie urls

removes redaction from url cookies as we no longer host private code on sourcegraph.com

* Update eventLogger.ts

* Update eventLogger.ts

* Update eventLogger.ts

* Update eventLogger.ts

* expand the logic to all marketing fields

* add additional subdomain regex filtering since isSourcegraphDotComMode is flagged on customer instances too

* if the site_id is anything other than sourcegraphWeb, have all urls go through redaction

* update tests to test logic between cloud instances and dotcom

* add list of approved hosts where we do not redact from

* sg lint

* update redaction to only happen in one place, send redacted urls to BQ for extra measure and add tests

* sg lint

* add more test cases + re-add URL redaction on cookie side

* bazel fix

* revert referrer logic since referrer is not captured on events_usage

* updated logic to handle referrers on cloud instances + redact session_first_url as a safe measure

* add redaction to session_referrer and to original_referrer to future-proof against ELE

* Migrate URL redaction to backend

refactor: Remove frontend URL redaction
Removed the frontend URL redaction logic in eventLogger.ts for firstSourceURL, lastSourceURL, originalReferrer, sessionReferrer, and sessionFirstURL. This redaction will now be handled in the backend.

Removed calls to redactSensitiveInfoFromAppURL and related cookie logic in eventLogger.ts. URL redaction is now consolidated in the backend.

* Update event_handlers_test.go

Update redaction test for referrer logic. Should only apply to managed instances since we have this clause in the function:

```
	if envvar.SourcegraphDotComMode() {
		return rawURL, nil
	}
```

* fix ineffectual assignment to err

* remove `redactSensitiveInfoFromAppURL` + update dotComModeVariable

since migrating redaction to backend, can remove this function + update ref to dotComVariable

* the `redactSensitiveInfoFromCloudURL` now only takes the first part of the path and redacts all query parameters except UTM

* undo redaction for referrer values + add comment on redaction

* Apply suggestions from code review

Co-authored-by: Dan Adler <dadlerj@users.noreply.github.com>

* update url path redaction logic and associated tests

* read cookie value only when it's confirmed to be dotcom mode (optimization)

---------

Co-authored-by: Dan Adler <dadlerj@users.noreply.github.com>
2023-10-20 12:36:34 -04:00
..
accesstoken security: Update access token format (#56772) 2023-10-20 11:29:07 +01:00
actor actor: propagate anonymous UID from 'X-Sourcegraph-Actor-Anonymous-UID' (#57056) 2023-09-26 12:25:47 -07:00
adminanalytics logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
api logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
apptoken App: Generate token and write app token file for seamless integration with editor extensions (#53782) 2023-06-21 10:38:16 -04:00
audit logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
auth logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
authbearer telemetrygateway: add exporter and service (#56699) 2023-09-20 05:20:15 +00:00
authz Revert "Add temporary logging to dotcom sudo handler (#56429)" (#57749) 2023-10-19 20:54:56 +00:00
batches logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
binary bazel: fix remaining backend tests (#47961) 2023-03-01 17:03:01 +00:00
byteutils ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
cloneurls Separate database package mocks to dbmocks package (#55778) 2023-08-14 10:48:45 +02:00
cloud Backend: remove EnterpriseDB (#54699) 2023-07-06 20:03:31 -06:00
cmd tracking-issue: update Dockerfile (#57535) 2023-10-11 16:08:07 +02:00
codeintel Remove dead code path that triggered EnqueueRepoUpdate (#57733) 2023-10-20 16:07:21 +02:00
codemonitors logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
cody update code references to "Sourcegraph App" -> "Cody App" (#56747) 2023-09-19 12:31:12 -10:00
codycontext Qdrant: hot swap on conf change (#56145) 2023-08-22 22:42:16 -06:00
codygateway Support rejecting invalid requests (#57414) 2023-10-12 18:53:40 +00:00
collections chore: use set difference operation instead of a map. (#55249) 2023-07-25 15:43:30 +04:00
comby Chore: remove some uses of log15 (#57519) 2023-10-10 16:27:52 -06:00
completions logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
compute logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
conf security: Update access token format (#56772) 2023-10-20 11:29:07 +01:00
cookie
ctags_config site-config: Make symbols not required in syntaxHighlighting (#57276) 2023-10-16 19:53:19 -04:00
database security: Update access token format (#56772) 2023-10-20 11:29:07 +01:00
debugserver logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
deviceid
diskcache Tracing: remove opentracing (#52978) 2023-06-06 11:02:15 -06:00
diskusage source: display alert when gitserver disk usage exceeds 90% (#56562) 2023-09-15 01:39:07 +01:00
download
embeddings Chore: construct logger inside dbtest.NewDB (#57549) 2023-10-11 20:41:11 -05:00
encryption encryption: Standardize envelope encryption (#56711) 2023-10-02 23:01:04 +02:00
endpoint logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
env Chore: remove some uses of log15 (#57519) 2023-10-10 16:27:52 -06:00
errcode ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
eventlogger Backend: remove unused LogEvent (#55464) 2023-08-02 19:30:44 +00:00
executor Chore: construct logger inside dbtest.NewDB (#57549) 2023-10-11 20:41:11 -05:00
extsvc gopackages: Don't keep zip file in memory (#57736) 2023-10-20 16:07:11 +02:00
fastwalk app: initial work to get building on Windows (#52384) 2023-06-19 14:53:07 -07:00
featureflag web: Consolidate server and client side feature flag overrides (#57663) 2023-10-20 12:34:19 +02:00
fileutil Enable servers to run on Windows OS. (#54233) 2023-06-27 09:04:30 +00:00
github_apps batches: fix commit signing with changeset forks (#57520) 2023-10-12 06:58:49 -04:00
gitserver logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
goroutine goroutine: Don't silently stop after panic (#57675) 2023-10-19 20:57:27 +02:00
gosyntect Add MATLAB search-based code navigation (#56800) 2023-10-06 17:54:52 -04:00
gqltestutil Revert "Make sub-repo permissions integration test functional (#57764)" (#57771) 2023-10-20 14:39:02 +00:00
gqlutil ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
grpc logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
hashutil
highlight logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
honey Search: update honeycomb metrics (#53327) 2023-06-12 13:48:10 -06:00
hostname
httpcli logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
httpserver
httptestutil Remove GitHub proxy service (#56485) 2023-09-14 19:43:40 +02:00
insights logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
instrumentation opentelemetry: upgrade all packages to v1.16/v0.81 (#54969) 2023-07-17 10:48:19 -07:00
inventory ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
jsonc ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
lazyregexp
license telemetry-export: 5.2.1 default enablement (#57605) 2023-10-17 13:03:33 -07:00
licensing licensing: export events in dotcom mode (#57717) 2023-10-18 20:10:30 -07:00
limiter ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
logging
luasandbox logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
mapfs ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
markdown
memo
metrics logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
notebooks Chore: construct logger inside dbtest.NewDB (#57549) 2023-10-11 20:41:11 -05:00
oauthtoken Refactor ExternalAccountsStore functions (#57509) 2023-10-13 10:41:10 +02:00
oauthutil Remove GitHub proxy service (#56485) 2023-09-14 19:43:40 +02:00
observation logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
oobmigration logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
otlpenv
own logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
packagefilters packages: move filter matching to postgres for name filter membership testing (#49940) 2023-06-16 16:46:45 +00:00
paths codeintel: consolidate enterprise & oss codeintel packages (#54431) 2023-07-05 14:58:41 +01:00
perforce gitserver: Replace P4Exec endpoint with properly typed and individually tested RPC calls (#57247) 2023-10-09 15:06:49 +02:00
productsubscription telemetrygateway: add exporter and service (#56699) 2023-09-20 05:20:15 +00:00
profiler Allow to run GCP profiler in other instances (#48204) 2023-02-24 16:30:13 +00:00
pubsub logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
randstring ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
ratelimit logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
rbac Chore: construct logger inside dbtest.NewDB (#57549) 2023-10-11 20:41:11 -05:00
rcache Chore: remove some uses of log15 (#57519) 2023-10-10 16:27:52 -06:00
redislock cody-gateway: implement informational rate limit threshold Slack alerts (#53137) 2023-06-09 22:09:45 -04:00
redispool Chore: construct logger inside dbtest.NewDB (#57549) 2023-10-11 20:41:11 -05:00
repos Search: enable repo:has.topic() for GitLab (#57649) 2023-10-19 20:46:56 +00:00
repoupdater logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
requestclient requestclient, audit, cody-gateway: log user-agent as well (#53785) 2023-06-20 22:12:11 +00:00
resetonce
rockskip logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
sanitycheck Running binaries with SANITY_CHECK=true immediately exits with a code zero (#52186) 2023-05-19 12:30:11 +00:00
scim logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
search logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
searcher/v1 search: remove search-hybrid flag (#57507) 2023-10-11 16:05:10 +02:00
security Allow banning of email domains for DotCom registration (#56278) 2023-08-30 21:44:52 +00:00
service logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
session Separate database package mocks to dbmocks package (#55778) 2023-08-14 10:48:45 +02:00
settings Chore: construct logger inside dbtest.NewDB (#57549) 2023-10-11 20:41:11 -05:00
singleprogram support single-program execution for local dev (#56750) 2023-09-30 03:55:26 +00:00
siteid Separate database package mocks to dbmocks package (#55778) 2023-08-14 10:48:45 +02:00
slack
sourcegraphoperator Refactor ExternalAccountsStore functions (#57509) 2023-10-13 10:41:10 +02:00
src-cli chore: Remove old CODENOTIFY entries (#57658) 2023-10-17 09:49:21 +00:00
src-prometheus ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
suspiciousnames debt: extract a buncha stuff from cmd/frontend that was used outside of frontend (#52570) 2023-06-01 14:20:11 +01:00
symbols logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
syncx ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
sysreq ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
telemetry logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
telemetrygateway telemetry-export: 5.2.1 default enablement (#57605) 2023-10-17 13:03:33 -07:00
temporarysettings
testutil Compare JSON test output semantically instead of as strings. (#56667) 2023-09-15 09:08:44 -07:00
timeutil ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
trace logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
tracer logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
ttlcache logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
txemail Revert progress made on "Enhanced admin onboarding" (#56239) 2023-09-01 16:06:25 -05:00
types Remove references to user_id and org_id fields on external services and repos (#56804) 2023-10-04 15:52:31 +02:00
unpack ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
updatecheck release: sourcegraph@5.2.1 (#57703) 2023-10-18 19:12:21 +00:00
uploadhandler ci: re-enable race detection (#52776) 2023-06-05 20:41:47 +02:00
uploadstore uploadstore: Don't read AWS config for blobstore backend (#57431) 2023-10-19 20:37:18 +02:00
usagestats update url redaction logic for cloud vs dotcom (#57384) 2023-10-20 12:36:34 -04:00
users logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
vcs Enable servers to run on Windows OS. (#54233) 2023-06-27 09:04:30 +00:00
version Chore: construct logger inside dbtest.NewDB (#57549) 2023-10-11 20:41:11 -05:00
webhooks/outbound Separate database package mocks to dbmocks package (#55778) 2023-08-14 10:48:45 +02:00
workerutil logger: update log lib and remove use of description (#57690) 2023-10-18 17:29:08 +02:00
wrexec wrexec: Don't panic when process state is nil (#57610) 2023-10-16 23:40:16 +02:00
xcontext Backend: add xcontext.Detach (#53122) 2023-06-08 08:54:50 -06:00
buf.yaml sg lint: fix 'buf lint' rule by actually adding buf.yaml file (#48076) 2023-02-22 23:04:21 +00:00
BUILD.bazel bazel: fix remaining backend tests (#47961) 2023-03-01 17:03:01 +00:00