From 3e24d287a357ca3b62dc370e8b6e62e6c27077b5 Mon Sep 17 00:00:00 2001
From: Shawn <506895667@qq.com>
Date: Tue, 21 Mar 2023 17:08:39 +0800
Subject: [PATCH] fix: hide ws_cookie from logs

---
 apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl     |  2 +-
 .../test/emqx_rule_engine_jwt_worker_SUITE.erl     |  2 +-
 src/emqx.appup.src                                 | 14 ++++++++++++--
 src/emqx_misc.erl                                  |  3 +++
 4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
index bd1215d70..dc62ad77d 100644
--- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
+++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
@@ -60,7 +60,7 @@ check(ClientInfo = #{ clientid := Clientid
     MatchSpec = ets:fun2ms(fun({?TABLE, {clientid, X}, Password, InterTime}) when X =:= Clientid-> Password;
                               ({?TABLE, {username, X}, Password, InterTime}) when X =:= Username andalso X =/= undefined -> Password
                            end),
-    Info = maps:without([password], ClientInfo),
+    Info = maps:without([password, ws_cookie], ClientInfo),
     case ets:select(?TABLE, MatchSpec) of
         [] ->
             ?LOG(debug, "[Mnesia] Auth ignored, Client: ~p", [Info]);
diff --git a/apps/emqx_rule_engine/test/emqx_rule_engine_jwt_worker_SUITE.erl b/apps/emqx_rule_engine/test/emqx_rule_engine_jwt_worker_SUITE.erl
index 5b810ddae..8ed4f197d 100644
--- a/apps/emqx_rule_engine/test/emqx_rule_engine_jwt_worker_SUITE.erl
+++ b/apps/emqx_rule_engine/test/emqx_rule_engine_jwt_worker_SUITE.erl
@@ -82,7 +82,7 @@ t_create_success(_Config) ->
         {Ref, token_created} ->
             ok
     after
-        1_000 ->
+        5_000 ->
             ct:fail("should have confirmed token creation; msgs: ~0p",
                     [process_info(self(), messages)])
     end,
diff --git a/src/emqx.appup.src b/src/emqx.appup.src
index 8dc543d4d..2530b9ec6 100644
--- a/src/emqx.appup.src
+++ b/src/emqx.appup.src
@@ -1,8 +1,13 @@
 %% -*- mode: erlang -*-
 %% Unless you know what you are doing, DO NOT edit manually!!
 {VSN,
-  [{"4.4.15",
+  [{"4.4.16",
+    [{load_module,emqx_misc,brutal_purge,soft_purge,[]},
+     {load_module,emqx_relup,brutal_purge,soft_purge,[]},
+     {load_module,emqx_app,brutal_purge,soft_purge,[]}]},
+   {"4.4.15",
     [{load_module,emqx,brutal_purge,soft_purge,[]},
+     {load_module,emqx_misc,brutal_purge,soft_purge,[]},
      {load_module,emqx_packet,brutal_purge,soft_purge,[]},
      {load_module,emqx_relup,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]}]},
@@ -499,8 +504,13 @@
      {apply,{application,set_env,
                          [gen_rpc,insecure_auth_fallback_allowed,true]}}]},
    {<<".*">>,[]}],
-  [{"4.4.15",
+  [{"4.4.16",
+    [{load_module,emqx_misc,brutal_purge,soft_purge,[]},
+     {load_module,emqx_relup,brutal_purge,soft_purge,[]},
+     {load_module,emqx_app,brutal_purge,soft_purge,[]}]},
+   {"4.4.15",
     [{load_module,emqx,brutal_purge,soft_purge,[]},
+     {load_module,emqx_misc,brutal_purge,soft_purge,[]},
      {load_module,emqx_packet,brutal_purge,soft_purge,[]},
      {load_module,emqx_relup,brutal_purge,soft_purge,[]},
      {load_module,emqx_app,brutal_purge,soft_purge,[]}]},
diff --git a/src/emqx_misc.erl b/src/emqx_misc.erl
index 4d8f9f464..09ce4a457 100644
--- a/src/emqx_misc.erl
+++ b/src/emqx_misc.erl
@@ -507,6 +507,9 @@ safe_io_device() ->
             standard_error
     end.
 
+is_sensitive_key(ws_cookie) -> true;
+is_sensitive_key("ws_cookie") -> true;
+is_sensitive_key(<<"ws_cookie">>) -> true;
 is_sensitive_key(token) -> true;
 is_sensitive_key("token") -> true;
 is_sensitive_key(<<"token">>) -> true;