yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #11750 from savonarola/1011-redact-auth-http-request 

Do not trace authn http request bodies
This commit is contained in:
Ilya Averyanov 2023-10-13 17:25:28 +03:00 committed by GitHub
parent d59747a011 68f31a9da2
commit 90a0c093bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_bridge_http/src/emqx_bridge_http.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_bridge_http, [ {application, emqx_bridge_http, [
{description, "EMQX HTTP Bridge and Connector Application"}, {description, "EMQX HTTP Bridge and Connector Application"},
{vsn, "0.1.3"}, {vsn, "0.1.4"},
{registered, []}, {registered, []},
{applications, [kernel, stdlib, emqx_connector, emqx_resource, ehttpc]}, {applications, [kernel, stdlib, emqx_connector, emqx_resource, ehttpc]},
{env, []}, {env, []},

13
apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl
View File

@ -57,6 +57,8 @@
-define(DEFAULT_PIPELINE_SIZE, 100). -define(DEFAULT_PIPELINE_SIZE, 100).
-define(DEFAULT_REQUEST_TIMEOUT_MS, 30_000). -define(DEFAULT_REQUEST_TIMEOUT_MS, 30_000).
-define(READACT_REQUEST_NOTE, "the request body is redacted due to security reasons").
%%===================================================================== %%=====================================================================
%% Hocon schema %% Hocon schema
@ -303,7 +305,8 @@ on_query(
"QUERY", "QUERY",
"http_connector_received", "http_connector_received",
#{ #{
request => redact(Request), request => redact_request(Request),
note => ?READACT_REQUEST_NOTE,
connector => InstId, connector => InstId,
state => redact(State) state => redact(State)
} }
@ -329,7 +332,7 @@ on_query(
{error, #{status_code := StatusCode}} -> {error, #{status_code := StatusCode}} ->
?SLOG(error, #{ ?SLOG(error, #{
msg => "http_connector_do_request_received_error_response", msg => "http_connector_do_request_received_error_response",
note => "the body will be redacted due to security reasons", note => ?READACT_REQUEST_NOTE,
request => redact_request(NRequest), request => redact_request(NRequest),
connector => InstId, connector => InstId,
status_code => StatusCode status_code => StatusCode
@ -338,7 +341,8 @@ on_query(
{error, Reason} -> {error, Reason} ->
?SLOG(error, #{ ?SLOG(error, #{
msg => "http_connector_do_request_failed", msg => "http_connector_do_request_failed",
request => redact(NRequest), note => ?READACT_REQUEST_NOTE,
request => redact_request(NRequest),
reason => Reason, reason => Reason,
connector => InstId connector => InstId
}), }),
@ -379,7 +383,8 @@ on_query_async(
"QUERY_ASYNC", "QUERY_ASYNC",
"http_connector_received", "http_connector_received",
#{ #{
request => redact(Request), request => redact_request(Request),
note => ?READACT_REQUEST_NOTE,
connector => InstId, connector => InstId,
state => redact(State) state => redact(State)
} }

1
changes/ee/fix-11750.en.md Normal file
View File

@ -0,0 +1 @@
Eliminated logging and tracing of HTTP request bodies in HTTP authentification and HTTP bridges.