From 5b21f2f46179dc8ba17374934cbe163adc8a6756 Mon Sep 17 00:00:00 2001 From: Junjie Gao Date: Mon, 2 Dec 2024 10:03:54 +0800 Subject: [PATCH] perf(log): encode objects only when logged (#481) Fix: - replaced `.String()` with the `%v` format to avoid rendering the string before actually logging it. Resolves #480 Signed-off-by: Junjie Gao Signed-off-by: Patrick Zheng --- notation.go | 4 ++-- verifier/verifier.go | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/notation.go b/notation.go index bb051d13..294664b0 100644 --- a/notation.go +++ b/notation.go @@ -134,7 +134,7 @@ func Sign(ctx context.Context, signer Signer, repo registry.Repository, signOpts } // artifactRef is a tag logger.Warnf("Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:%s`) because tags are mutable and a tag reference can point to a different artifact than the one signed", artifactRef) - logger.Infof("Resolved artifact tag `%s` to digest `%s` before signing", artifactRef, targetDesc.Digest.String()) + logger.Infof("Resolved artifact tag `%s` to digest `%v` before signing", artifactRef, targetDesc.Digest) } descToSign, err := addUserMetadataToDescriptor(ctx, targetDesc, signOpts.UserMetadata) if err != nil { @@ -378,7 +378,7 @@ func Verify(ctx context.Context, verifier Verifier, repo registry.Repository, ve } if ref.ValidateReferenceAsDigest() != nil { // artifactRef is not a digest reference - logger.Infof("Resolved artifact tag `%s` to digest `%s` before verification", ref.Reference, artifactDescriptor.Digest.String()) + logger.Infof("Resolved artifact tag `%s` to digest `%v` before verification", ref.Reference, artifactDescriptor.Digest) logger.Warn("The resolved digest may not point to the same signed artifact, since tags are mutable") } else if ref.Reference != artifactDescriptor.Digest.String() { return ocispec.Descriptor{}, nil, ErrorSignatureRetrievalFailed{Msg: fmt.Sprintf("user input digest %s does not match the resolved digest %s", ref.Reference, artifactDescriptor.Digest.String())} diff --git a/verifier/verifier.go b/verifier/verifier.go index e1d06528..b50869ba 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -678,7 +678,7 @@ func revocationFinalResult(certResults []*revocationresult.CertRevocationResult, certResult := certResults[i] if certResult.RevocationMethod == revocationresult.RevocationMethodOCSPFallbackCRL { // log the fallback warning - logger.Warnf("OCSP check failed with unknown error and fallback to CRL check for certificate #%d in chain with subject %v", (i + 1), cert.Subject.String()) + logger.Warnf("OCSP check failed with unknown error and fallback to CRL check for certificate #%d in chain with subject %v", (i + 1), cert.Subject) } for _, serverResult := range certResult.ServerResults { if serverResult.Error != nil { @@ -687,10 +687,10 @@ func revocationFinalResult(certResults []*revocationresult.CertRevocationResult, // when the final revocation method is OCSPFallbackCRL, // the OCSP server results should not be logged as an error // since the CRL revocation check can succeed. - logger.Debugf("Certificate #%d in chain with subject %v encountered an error for revocation method %s at URL %q: %v", (i + 1), cert.Subject.String(), revocationresult.RevocationMethodOCSP, serverResult.Server, serverResult.Error) + logger.Debugf("Certificate #%d in chain with subject %v encountered an error for revocation method %s at URL %q: %v", (i + 1), cert.Subject, revocationresult.RevocationMethodOCSP, serverResult.Server, serverResult.Error) continue } - logger.Errorf("Certificate #%d in chain with subject %v encountered an error for revocation method %s at URL %q: %v", (i + 1), cert.Subject.String(), serverResult.RevocationMethod, serverResult.Server, serverResult.Error) + logger.Errorf("Certificate #%d in chain with subject %v encountered an error for revocation method %s at URL %q: %v", (i + 1), cert.Subject, serverResult.RevocationMethod, serverResult.Server, serverResult.Error) } } @@ -706,7 +706,7 @@ func revocationFinalResult(certResults []*revocationresult.CertRevocationResult, } if i < len(certResults)-1 && certResult.Result == revocationresult.ResultNonRevokable { - logger.Warnf("Certificate #%d in the chain with subject %v neither has an OCSP nor a CRL revocation method.", (i + 1), cert.Subject.String()) + logger.Warnf("Certificate #%d in the chain with subject %v neither has an OCSP nor a CRL revocation method.", (i + 1), cert.Subject) } } if revokedFound {