From 48313d6cd9f99788d3017e8f3340548d3024f32b Mon Sep 17 00:00:00 2001 From: Alex <33497058+bexsoft@users.noreply.github.com> Date: Thu, 26 Aug 2021 16:36:57 -0500 Subject: [PATCH] Removed prometheus URL from error responses to avoid data leak (#986) --- restapi/admin_info.go | 8 ++++---- restapi/user_log_search.go | 6 +++++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/restapi/admin_info.go b/restapi/admin_info.go index 7aa781f77..5d64e6e0e 100644 --- a/restapi/admin_info.go +++ b/restapi/admin_info.go @@ -874,18 +874,18 @@ func unmarshalPrometheus(endpoint string, data interface{}) bool { httpClnt := GetConsoleHTTPClient() resp, err := httpClnt.Get(endpoint) if err != nil { - LogError("Unable to fetch labels from prometheus %s, %v", endpoint, err) + LogError("Unable to fetch labels from prometheus (%s)", resp.Status) return true } defer resp.Body.Close() if resp.StatusCode != 200 { - LogError("Unexpected error from prometheus %s (%s)", endpoint, resp.Status) + LogError("Unexpected error from prometheus (%s)", resp.Status) return true } if err = json.NewDecoder(resp.Body).Decode(data); err != nil { - LogError("Unexpected error reading response from prometheus %s, %v", endpoint, err) + LogError("Unexpected error reading response from prometheus, %v", err) return true } @@ -906,7 +906,7 @@ func testPrometheusURL(url string) bool { response, err := GetConsoleHTTPClient().Do(req) if err != nil { - LogError("Non reachable Prometheus URL: %s (%v)", url, err) + LogError("Non reachable Prometheus URL: (%v)", err) return false } diff --git a/restapi/user_log_search.go b/restapi/user_log_search.go index ae65631fb..abdbfb4b5 100644 --- a/restapi/user_log_search.go +++ b/restapi/user_log_search.go @@ -66,7 +66,11 @@ func logSearch(endpoint string) (*models.LogSearchResponse, *models.Error) { httpClnt := GetConsoleHTTPClient() resp, err := httpClnt.Get(endpoint) if err != nil { - return nil, prepareError(err) + return nil, &models.Error{ + Code: int32(500), + Message: swag.String("Log Search API not available."), + DetailedMessage: swag.String("The Log Search API cannot be reached. Please review the URL and try again."), + } } defer resp.Body.Close()