Merge pull request #10851 from JimMoen/fix-bad-api-logging

fix: redact api request to hide auth token
JimMoen 2023-05-29 17:40:44 +08:00 committed by GitHub
commit 6551eb21f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 3 deletions


@ -21,11 +21,12 @@
-export([init/2]).
init(Req0, State) ->
?SLOG(warning, #{msg => "unexpected_api_access", request => Req0}),
RedactedReq = emqx_utils:redact(Req0),
?SLOG(warning, #{msg => "unexpected_api_access", request => RedactedReq}),
Req = cowboy_req:reply(
404,
#{<<"content-type">> => <<"application/json">>},
<<"{\"code\": \"API_NOT_EXIST\", \"message\": \"Request Path Not Found\"}">>,
Req0
RedactedReq
),
{ok, Req, State}.
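Review bot: As the page renders the new side, the redacted copy is not only logged but also passed as the last argument of `cowboy_req:reply/4` and returned from `init/2`, although only the `?SLOG` call needs it. Assuming `emqx_utils:redact/1` replaces sensitive values inside the request map (its body is not visible here), the handler would continue with a request whose `authorization` header is masked, and any later reader of the returned Req would see altered data. I would keep `Req0` as the reply argument and use `RedactedReq` only in the log call. A short comment above the redact call, `%% redact before logging: the request carries the caller's auth token`, would record why the copy exists.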


@ -2,7 +2,7 @@
{application, emqx_utils, [
{description, "Miscellaneous utilities for EMQX apps"},
% strict semver, bump manually!
{vsn, "5.0.1"},
{vsn, "5.0.2"},
{modules, [
emqx_utils,
emqx_utils_api,


@ -575,6 +575,9 @@ try_to_existing_atom(Convert, Data, Encoding) ->
is_sensitive_key(token) -> true;
is_sensitive_key("token") -> true;
is_sensitive_key(<<"token">>) -> true;
is_sensitive_key(authorization) -> true;
is_sensitive_key("authorization") -> true;
is_sensitive_key(<<"authorization">>) -> true;
is_sensitive_key(password) -> true;
is_sensitive_key("password") -> true;
is_sensitive_key(<<"password">>) -> true;
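Review bot: The added clauses match only the exact lower-case spellings `authorization`, `"authorization"` and `<<"authorization">>`, so redaction of this header depends on callers supplying lower-cased keys. Cowboy lower-cases header names, so the bad-API handler is covered, but a map built elsewhere with `<<"Authorization">>` would presumably pass through unredacted. I would state that contract in a comment above the clause group, `%% keys are compared exactly; HTTP header names must already be lower-cased`, and add a test that redacts a cowboy-style headers map. `is_sensitive_key` begins and ends outside this hunk, so other clauses may already cover related keys.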


@ -0,0 +1 @@
Obfuscated sensitive data in the bad API logging.