@@ -39,12 +39,29 @@ fn obfuscate_redis_cmd<'a>(str: &mut String, cmd: &'a str, mut args: Vec<&'a str
3939 let mut uppercase_cmd = [ 0 ; 32 ] ; // no redis cmd is longer than 32 chars
4040 let uppercase_cmd = ascii_uppercase ( cmd, & mut uppercase_cmd) . unwrap_or ( & [ ] ) ;
4141 match uppercase_cmd {
42- b"AUTH" => {
42+ b"AUTH" | b"MIGRATE" | b"HELLO" => {
43+ // Obfuscate everything after command:
44+ // • AUTH password
45+ // • MIGRATE host port key|"" destination-db timeout [COPY] [REPLACE] [AUTH password]
46+ // [AUTH2 username password] [KEYS key [key ...]]
47+ // • HELLO [protover [AUTH username password] [SETNAME clientname]]
4348 if !args. is_empty ( ) {
4449 args. clear ( ) ;
4550 args. push ( "?" ) ;
4651 }
4752 }
53+ b"ACL" => {
54+ // Obfuscate all arguments after the subcommand:
55+ // • ACL SETUSER username on >password ~keys &channels +commands
56+ // • ACL GETUSER username
57+ // • ACL DELUSER username [username ...]
58+ // • ACL LIST
59+ // • ACL WHOAMI
60+ if args. len ( ) > 1 {
61+ args[ 1 ] = "?" ;
62+ args. drain ( 2 ..) ;
63+ }
64+ }
4865 b"APPEND" | b"GETSET" | b"LPUSHX" | b"GEORADIUSBYMEMBER" | b"RPUSHX" | b"SET"
4966 | b"SETNX" | b"SISMEMBER" | b"ZRANK" | b"ZREVRANK" | b"ZSCORE" => {
5067 // Obfuscate 2nd argument:
@@ -268,6 +285,86 @@ mod tests {
268285 input [ "AUTH" ]
269286 expected [ "AUTH" ] ;
270287 ]
288+ [
289+ test_name [ test_obfuscate_redis_string_migrate_basic]
290+ input [ "MIGRATE host port key destination-db timeout" ]
291+ expected [ "MIGRATE ?" ] ;
292+ ]
293+ [
294+ test_name [ test_obfuscate_redis_string_migrate_with_flags]
295+ input [ "MIGRATE host port key destination-db timeout COPY REPLACE" ]
296+ expected [ "MIGRATE ?" ] ;
297+ ]
298+ [
299+ test_name [ test_obfuscate_redis_string_migrate_with_keys]
300+ input [ r#"MIGRATE host port "" destination-db timeout KEYS key1 key2 key3"# ]
301+ expected [ "MIGRATE ?" ] ;
302+ ]
303+ [
304+ test_name [ test_obfuscate_redis_string_migrate_no_args]
305+ input [ "MIGRATE" ]
306+ expected [ "MIGRATE" ] ;
307+ ]
308+ [
309+ test_name [ test_obfuscate_redis_string_hello_version]
310+ input [ "HELLO 3" ]
311+ expected [ "HELLO ?" ] ;
312+ ]
313+ [
314+ test_name [ test_obfuscate_redis_string_hello_auth]
315+ input [ "HELLO 3 AUTH username password" ]
316+ expected [ "HELLO ?" ] ;
317+ ]
318+ [
319+ test_name [ test_obfuscate_redis_string_hello_auth_setname]
320+ input [ "HELLO 3 AUTH username password SETNAME clientname" ]
321+ expected [ "HELLO ?" ] ;
322+ ]
323+ [
324+ test_name [ test_obfuscate_redis_string_hello_no_args]
325+ input [ "HELLO" ]
326+ expected [ "HELLO" ] ;
327+ ]
328+ [
329+ test_name [ test_obfuscate_redis_string_acl_setuser]
330+ input [ "ACL SETUSER alice on >password ~* &* +@all" ]
331+ expected [ "ACL SETUSER ?" ] ;
332+ ]
333+ [
334+ test_name [ test_obfuscate_redis_string_acl_setuser_complex]
335+ input [ "ACL SETUSER bob on >mysecretpassword ~keys:* resetchannels &channel:* +@all -@dangerous" ]
336+ expected [ "ACL SETUSER ?" ] ;
337+ ]
338+ [
339+ test_name [ test_obfuscate_redis_string_acl_getuser]
340+ input [ "ACL GETUSER alice" ]
341+ expected [ "ACL GETUSER ?" ] ;
342+ ]
343+ [
344+ test_name [ test_obfuscate_redis_string_acl_deluser]
345+ input [ "ACL DELUSER alice" ]
346+ expected [ "ACL DELUSER ?" ] ;
347+ ]
348+ [
349+ test_name [ test_obfuscate_redis_string_acl_deluser_multi]
350+ input [ "ACL DELUSER alice bob charlie" ]
351+ expected [ "ACL DELUSER ?" ] ;
352+ ]
353+ [
354+ test_name [ test_obfuscate_redis_string_acl_list]
355+ input [ "ACL LIST" ]
356+ expected [ "ACL LIST" ] ;
357+ ]
358+ [
359+ test_name [ test_obfuscate_redis_string_acl_whoami]
360+ input [ "ACL WHOAMI" ]
361+ expected [ "ACL WHOAMI" ] ;
362+ ]
363+ [
364+ test_name [ test_obfuscate_redis_string_acl_no_args]
365+ input [ "ACL" ]
366+ expected [ "ACL" ] ;
367+ ]
271368 [
272369 test_name [ test_obfuscate_redis_string_4]
273370 input [ "APPEND key value" ]
0 commit comments