authorFrancis Lavoie <lavofr@gmail.com>2021-12-02 15:26:24 -0500
committerGitHub <noreply@github.com>2021-12-02 13:26:24 -0700
commit5bf0adad8748e96e10529d5fc5777afc9236a7b5 (patch)
treeb26d766d1686f39d5d43847d4742782fa5524c4f /modules/caddyhttp/marshalers.go
parent8e5aafa5cdb0bd6ad062014172ed21fdc1012cc1 (diff)
caddyhttp: Make logging of credential headers opt-in (#4438)
Diffstat (limited to 'modules/caddyhttp/marshalers.go')
-rw-r--r--modules/caddyhttp/marshalers.go33
1 files changed, 23 insertions, 10 deletions
diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go
index c99c94e..e6fc3a6 100644
--- a/modules/caddyhttp/marshalers.go
+++ b/modules/caddyhttp/marshalers.go
@@ -24,7 +24,11 @@ import (
)
// LoggableHTTPRequest makes an HTTP request loggable with zap.Object().
-type LoggableHTTPRequest struct{ *http.Request }
+type LoggableHTTPRequest struct {
+ *http.Request
+
+ ShouldLogCredentials bool
+}
// MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.
func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
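Review bot: The new exported field `ShouldLogCredentials` has no doc comment here or on `LoggableHTTPHeader` in the third hunk, so readers must infer from the marshaling loop that its zero value keeps redaction on. I would add `// ShouldLogCredentials, if true, logs the values of credential headers (Cookie, Set-Cookie, Authorization, Proxy-Authorization); the zero value keeps them empty.` above both fields. Adding a second field also means an unkeyed literal such as `LoggableHTTPRequest{r}` no longer compiles; callers are not visible in this diff, so a search for unkeyed literals is worth doing before merging.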
@@ -40,7 +44,10 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
enc.AddString("method", r.Method)
enc.AddString("host", r.Host)
enc.AddString("uri", r.RequestURI)
- enc.AddObject("headers", LoggableHTTPHeader(r.Header))
+ enc.AddObject("headers", LoggableHTTPHeader{
+ Header: r.Header,
+ ShouldLogCredentials: r.ShouldLogCredentials,
+ })
if r.TLS != nil {
enc.AddObject("tls", LoggableTLSConnState(*r.TLS))
}
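Review bot: The flag passed in here reaches only the `headers` object, while the `uri` field on the context line above is still logged from `r.RequestURI` unchanged. A token carried in a query string is therefore written to the log whether or not `ShouldLogCredentials` is set. If that is intended, say so where the flag is documented, for example `// Only header values are affected; the request URI, including its query string, is always logged.` MarshalLogObject starts and ends outside this hunk, so the other fields it encodes are not visible here.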
@@ -48,19 +55,25 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
}
// LoggableHTTPHeader makes an HTTP header loggable with zap.Object().
-// Headers with potentially sensitive information (Cookie, Authorization,
-// and Proxy-Authorization) are logged with empty values.
-type LoggableHTTPHeader http.Header
+// Headers with potentially sensitive information (Cookie, Set-Cookie,
+// Authorization, and Proxy-Authorization) are logged with empty values.
+type LoggableHTTPHeader struct {
+ http.Header
+
+ ShouldLogCredentials bool
+}
// MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.
func (h LoggableHTTPHeader) MarshalLogObject(enc zapcore.ObjectEncoder) error {
- if h == nil {
+ if h.Header == nil {
return nil
}
- for key, val := range h {
- switch strings.ToLower(key) {
- case "cookie", "authorization", "proxy-authorization":
- val = []string{}
+ for key, val := range h.Header {
+ if !h.ShouldLogCredentials {
+ switch strings.ToLower(key) {
+ case "cookie", "set-cookie", "authorization", "proxy-authorization":
+ val = []string{}
+ }
}
enc.AddArray(key, LoggableStringArray(val))
}
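Review bot: The type comment still says the four headers "are logged with empty values" unconditionally, but the loop now empties them only when `ShouldLogCredentials` is false. The sentence should end `are logged with empty values unless ShouldLogCredentials is true.` The match is also a fixed list of four names, so a credential sent in any other header (an application-specific API-key header, for instance) is logged in full in both modes, and the same comment should state that limit. Separately, changing the type from a named `http.Header` to a struct breaks any existing `LoggableHTTPHeader(h)` conversion outside this file. The end of MarshalLogObject falls outside the hunk.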