diff --git a/apps/emqx_dashboard/src/emqx_dashboard_bad_api.erl b/apps/emqx_dashboard/src/emqx_dashboard_bad_api.erl
index 0e7489d2d..6d65ac081 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_bad_api.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_bad_api.erl
@@ -21,11 +21,12 @@
 -export([init/2]).
 init(Req0, State) ->
- ?SLOG(warning, #{msg => "unexpected_api_access", request => Req0}),
+ RedactedReq = emqx_utils:redact(Req0),
+ ?SLOG(warning, #{msg => "unexpected_api_access", request => RedactedReq}),
 Req = cowboy_req:reply(
 404,
 #{<<"content-type">> => <<"application/json">>},
 <<"{\"code\": \"API_NOT_EXIST\", \"message\": \"Request Path Not Found\"}">>,
- Req0
+ RedactedReq
 ),
 {ok, Req, State}.
diff --git a/apps/emqx_utils/src/emqx_utils.app.src b/apps/emqx_utils/src/emqx_utils.app.src
index dff55bc86..605093875 100644
--- a/apps/emqx_utils/src/emqx_utils.app.src
+++ b/apps/emqx_utils/src/emqx_utils.app.src
@@ -2,7 +2,7 @@
 {application, emqx_utils, [
 {description, "Miscellaneous utilities for EMQX apps"},
 % strict semver, bump manually!
- {vsn, "5.0.1"},
+ {vsn, "5.0.2"},
 {modules, [
 emqx_utils,
 emqx_utils_api,
diff --git a/apps/emqx_utils/src/emqx_utils.erl b/apps/emqx_utils/src/emqx_utils.erl
index e9b2a1f9e..2c6ddd9c1 100644
--- a/apps/emqx_utils/src/emqx_utils.erl
+++ b/apps/emqx_utils/src/emqx_utils.erl
@@ -575,6 +575,9 @@ try_to_existing_atom(Convert, Data, Encoding) ->
 is_sensitive_key(token) -> true;
 is_sensitive_key("token") -> true;
 is_sensitive_key(<<"token">>) -> true;
+is_sensitive_key(authorization) -> true;
+is_sensitive_key("authorization") -> true;
+is_sensitive_key(<<"authorization">>) -> true;
 is_sensitive_key(password) -> true;
 is_sensitive_key("password") -> true;
 is_sensitive_key(<<"password">>) -> true;
diff --git a/changes/ce/fix-10851.en.md b/changes/ce/fix-10851.en.md
new file mode 100644
index 000000000..1dbd2a10e
--- /dev/null
+++ b/changes/ce/fix-10851.en.md
@@ -0,0 +1 @@
+Obfuscated sensitive data in the bad API logging.
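Review bot: In `init/2` of emqx_dashboard_bad_api.erl the redacted copy is also passed as the request argument of `cowboy_req:reply/4` and, through `Req`, returned to cowboy, so the sanitised term built for logging becomes the live request object. The redaction is only needed for the `?SLOG` call; I would keep the last argument of the reply as `Req0` so that whatever runs after this handler sees the original headers. What `emqx_utils:redact/1` does to the other fields of the request map is not visible in this diff, so replying with `Req0` also avoids depending on it leaving cowboy's internal fields intact. A short comment such as `%% redact only for logging; reply with the original request` would make the intent explicit.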
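Review bot: The three `authorization` clauses added to `is_sensitive_key/1` in emqx_utils.erl match only the lowercase spelling, and no test accompanies them. That suffices for header names as cowboy delivers them (lowercased binaries), but a key such as `<<"Authorization">>` in a map built elsewhere would not match here unless a later clause, outside this hunk, normalises case. Other credential-bearing headers, for example `cookie` and `proxy-authorization`, are likewise not among the visible clauses, so their values would presumably still reach the log. I would add a comment above the clauses stating that keys are compared exactly, and a test that redacts a map holding an `authorization` header. The function continues outside the hunk.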