Merge pull request #9998 from lafirest/fix/http-authn-pass-leak

fix(connector): redact the http body in error logs for security reasons

apps/emqx_connector/src/emqx_connector_http.erl

@@ -328,15 +328,17 @@ on_query(
         {ok, StatusCode, Headers} ->
             ?SLOG(error, #{
                 msg => "http connector do request, received error response",
-                request => redact(NRequest),
+                note => "the body will be redacted due to security reasons",
+                request => redact_request(NRequest),
                 connector => InstId,
                 status_code => StatusCode
             }),
             {error, #{status_code => StatusCode, headers => Headers}};
         {ok, StatusCode, Headers, Body} ->
             ?SLOG(error, #{
-                msg => "http connector do request, received error response",
+                msg => "http connector do request, received error response.",
-                request => redact(NRequest),
+                note => "the body will be redacted due to security reasons",
+                request => redact_request(NRequest),
                 connector => InstId,
                 status_code => StatusCode
             }),
@@ -601,6 +603,15 @@ is_sensitive_key(_) ->
 redact(Data) ->
     emqx_misc:redact(Data, fun is_sensitive_key/1).
 
+%% because the body may contain some sensitive data
+%% and at the same time the redact function will not scan the binary data
+%% and we also can't know the body format and where the sensitive data will be
+%% so the easy way to keep data security is redacted the whole body
+redact_request({Path, Headers}) ->
+    {Path, redact(Headers)};
+redact_request({Path, Headers, _Body}) ->
+    {Path, redact(Headers), <<"******">>}.
+
 -ifdef(TEST).
 -include_lib("eunit/include/eunit.hrl").
 

changes/ce/perf-9998.en.md

@@ -0,0 +1 @@
+Redact the HTTP request body in the authentication error logs for security reasons.

changes/ce/perf-9998.zh.md

@@ -0,0 +1 @@
+出于安全原因，在身份验证错误日志中模糊 HTTP 请求正文。