From 5bf0adad8748e96e10529d5fc5777afc9236a7b5 Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Thu, 2 Dec 2021 15:26:24 -0500
Subject: caddyhttp: Make logging of credential headers opt-in (#4438)
---
 modules/caddyhttp/marshalers.go | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)
(limited to 'modules/caddyhttp/marshalers.go')
diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go
index c99c94e..e6fc3a6 100644
--- a/modules/caddyhttp/marshalers.go
+++ b/modules/caddyhttp/marshalers.go
@@ -24,7 +24,11 @@ import (
 )
 
 // LoggableHTTPRequest makes an HTTP request loggable with zap.Object().
-type LoggableHTTPRequest struct{ *http.Request }
+type LoggableHTTPRequest struct {
+	*http.Request
+
+	ShouldLogCredentials bool
+}
 
 // MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.
 func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
@@ -40,7 +44,10 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
 	enc.AddString("method", r.Method)
 	enc.AddString("host", r.Host)
 	enc.AddString("uri", r.RequestURI)
-	enc.AddObject("headers", LoggableHTTPHeader(r.Header))
+	enc.AddObject("headers", LoggableHTTPHeader{
+		Header: r.Header,
+		ShouldLogCredentials: r.ShouldLogCredentials,
+	})
 	if r.TLS != nil {
 		enc.AddObject("tls", LoggableTLSConnState(*r.TLS))
 	}
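Review bot: The new exported field ShouldLogCredentials on LoggableHTTPRequest has no doc comment, and because it is a security-relevant switch whose zero value keeps the redaction, the comment should state exactly what enabling it exposes. Suggested: `// ShouldLogCredentials, when true, logs the values of the Cookie, Set-Cookie, Authorization and Proxy-Authorization headers instead of redacting them; it is passed through to LoggableHTTPHeader.` Turning the type from a one-field struct into a two-field struct also breaks any positional literal such as `LoggableHTTPRequest{req}` elsewhere; this patch view is limited to marshalers.go, so those call sites cannot be checked here and presumably were updated to the keyed form `LoggableHTTPRequest{Request: req}`.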
@@ -48,19 +55,25 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
 }
 
 // LoggableHTTPHeader makes an HTTP header loggable with zap.Object().
-// Headers with potentially sensitive information (Cookie, Authorization,
-// and Proxy-Authorization) are logged with empty values.
-type LoggableHTTPHeader http.Header
+// Headers with potentially sensitive information (Cookie, Set-Cookie,
+// Authorization, and Proxy-Authorization) are logged with empty values.
+type LoggableHTTPHeader struct {
+	http.Header
+
+	ShouldLogCredentials bool
+}
 
 // MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.
 func (h LoggableHTTPHeader) MarshalLogObject(enc zapcore.ObjectEncoder) error {
-	if h == nil {
+	if h.Header == nil {
 		return nil
 	}
-	for key, val := range h {
-		switch strings.ToLower(key) {
-		case "cookie", "authorization", "proxy-authorization":
-			val = []string{}
+	for key, val := range h.Header {
+		if !h.ShouldLogCredentials {
+			switch strings.ToLower(key) {
+			case "cookie", "set-cookie", "authorization", "proxy-authorization":
+				val = []string{}
+			}
 		}
 		enc.AddArray(key, LoggableStringArray(val))
 	}
--
cgit v1.2.3
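Review bot: The doc comment on LoggableHTTPHeader is now incomplete: it still says the sensitive headers are logged with empty values unconditionally, but the new ShouldLogCredentials field in the same hunk disables that redaction. Suggested: `// Headers with potentially sensitive information (Cookie, Set-Cookie, Authorization, and Proxy-Authorization) are logged with empty values unless ShouldLogCredentials is true.` The field should carry its own comment, `// ShouldLogCredentials enables logging of the header values listed above; the zero value keeps them redacted.` The strings.ToLower comparison in the loop keeps the match case-insensitive for keys that were inserted without canonicalization, so it should stay even though the check now sits behind the new flag.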