yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #12635 from lafirest/fix/r551 

fix(http): fix that sensitive headers may be printed in log when querying
This commit is contained in:
lafirest 2024-03-04 22:32:14 +08:00 committed by GitHub
parent 782d6f59d3 c5eb09a72f
commit 79f0720d14
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
View File

@ -861,9 +861,9 @@ redact(Data) ->
%% and we also can't know the body format and where the sensitive data will be
%% so the easy way to keep data security is redacted the whole body
redact_request({Path, Headers}) ->
{Path, redact(Headers)};
{Path, emqx_utils_redact:redact_headers(Headers)};
redact_request({Path, Headers, _Body}) ->
{Path, redact(Headers), <<"******">>}.
{Path, emqx_utils_redact:redact_headers(Headers), <<"******">>}.
clientid(Msg) -> maps:get(clientid, Msg, undefined).

7
apps/emqx_utils/src/emqx_utils_redact.erl
View File

@ -16,7 +16,7 @@
-module(emqx_utils_redact).
-export([redact/1, redact/2, is_redacted/2, is_redacted/3]).
-export([redact/1, redact/2, redact_headers/1, is_redacted/2, is_redacted/3]).
-export([deobfuscate/2]).
-define(REDACT_VAL, "******").
@ -62,6 +62,9 @@ redact(Term, Checker) ->
is_sensitive_key(V) orelse Checker(V)
end).
redact_headers(Term) ->
do_redact_headers(Term).
do_redact(L, Checker) when is_list(L) ->
lists:map(fun(E) -> do_redact(E, Checker) end, L);
do_redact(M, Checker) when is_map(M) ->
@ -128,7 +131,7 @@ do_redact_headers(Value) ->
Value.
check_is_sensitive_header(Key) ->
Key1 = emqx_utils_conv:str(Key),
Key1 = string:trim(emqx_utils_conv:str(Key)),
is_sensitive_header(string:lowercase(Key1)).
is_sensitive_header("authorization") ->