nghttpx: Don't log authorization request header field value with -LINFO

Tatsuhiro Tsujikawa 2019-04-15 22:59:26 +09:00
parent ce962c3fdf
commit be96654d56
4 changed files with 24 additions and 2 deletions


@ -146,13 +146,22 @@ std::string colorizeHeaders(const char *hdrs) {
nhdrs += TTY_HTTP_HD; nhdrs += TTY_HTTP_HD;
nhdrs.append(p, np); nhdrs.append(p, np);
nhdrs += TTY_RST; nhdrs += TTY_RST;
auto redact = util::strieq_l("authorization", StringRef{p, np});
p = np; p = np;
np = strchr(p, '\n'); np = strchr(p, '\n');
if (!np) { if (!np) {
nhdrs.append(p); if (redact) {
nhdrs.append(": <redacted>");
} else {
nhdrs.append(p);
}
break; break;
} }
nhdrs.append(p, np + 1); if (redact) {
nhdrs.append(": <redacted>\n");
} else {
nhdrs.append(p, np + 1);
}
p = np + 1; p = np + 1;
} }
return nhdrs; return nhdrs;
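Review bot: The `redact` test added in colorizeHeaders matches only the `authorization` name, so `proxy-authorization` and `cookie` values, which carry credentials and session tokens just as often, are still written to the INFO log. The same single-name check is repeated in the loops in push_request_headers, on_request_headers and htp_hdrs_completecb later in this commit, so one shared predicate used at all four sites would keep the list of sensitive names in one place. Here that could be `auto name = StringRef{p, np};` followed by `auto redact = util::strieq_l("authorization", name) || util::strieq_l("proxy-authorization", name) || util::strieq_l("cookie", name);`. If this function is also fed response header blocks, `set-cookie` presumably belongs on the list too; the function starts outside the hunk, so that cannot be confirmed from here.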


@ -463,6 +463,11 @@ int Http2DownstreamConnection::push_request_headers() {
if (LOG_ENABLED(INFO)) { if (LOG_ENABLED(INFO)) {
std::stringstream ss; std::stringstream ss;
for (auto &nv : nva) { for (auto &nv : nva) {
if (util::streq_l("authorization", nv.name, nv.namelen)) {
ss << TTY_HTTP_HD << StringRef{nv.name, nv.namelen} << TTY_RST
<< ": <redacted>\n";
continue;
}
ss << TTY_HTTP_HD << StringRef{nv.name, nv.namelen} << TTY_RST << ": " ss << TTY_HTTP_HD << StringRef{nv.name, nv.namelen} << TTY_RST << ": "
<< StringRef{nv.value, nv.valuelen} << "\n"; << StringRef{nv.value, nv.valuelen} << "\n";
} }
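Review bot: The name check added in this loop is case-sensitive (`util::streq_l`), while the one in colorizeHeaders uses `util::strieq_l`, so the redaction only takes effect if every name in `nva` is already lowercase when the loop runs. `nva` is built outside the hunk, so that should be confirmed and recorded next to the check, for example `// names in nva are already lowercase, so a case-sensitive match is enough`. The `==` comparisons in on_request_headers and htp_hdrs_completecb rest on the same assumption; the latter appears to handle HTTP/1 input, where clients commonly send `Authorization`, so it is the one most worth verifying. Where lowercase cannot be guaranteed, `util::strieq_l("authorization", StringRef{nv.name, nv.namelen})` avoids a missed match that would put the credential back in the log.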


@ -321,6 +321,10 @@ int Http2Upstream::on_request_headers(Downstream *downstream,
if (LOG_ENABLED(INFO)) { if (LOG_ENABLED(INFO)) {
std::stringstream ss; std::stringstream ss;
for (auto &nv : nva) { for (auto &nv : nva) {
if (nv.name == "authorization") {
ss << TTY_HTTP_HD << nv.name << TTY_RST << ": <redacted>\n";
continue;
}
ss << TTY_HTTP_HD << nv.name << TTY_RST << ": " << nv.value << "\n"; ss << TTY_HTTP_HD << nv.name << TTY_RST << ": " << nv.value << "\n";
} }
ULOG(INFO, this) << "HTTP request headers. stream_id=" ULOG(INFO, this) << "HTTP request headers. stream_id="


@ -318,6 +318,10 @@ int htp_hdrs_completecb(http_parser *htp) {
<< "HTTP/" << req.http_major << "." << req.http_minor << "\n"; << "HTTP/" << req.http_major << "." << req.http_minor << "\n";
for (const auto &kv : req.fs.headers()) { for (const auto &kv : req.fs.headers()) {
if (kv.name == "authorization") {
ss << TTY_HTTP_HD << kv.name << TTY_RST << ": <redacted>\n";
continue;
}
ss << TTY_HTTP_HD << kv.name << TTY_RST << ": " << kv.value << "\n"; ss << TTY_HTTP_HD << kv.name << TTY_RST << ": " << kv.value << "\n";
} }