Skip to content

Commit

Permalink
fix: add x-session-token to redacted headers (#797)
Browse files Browse the repository at this point in the history
  • Loading branch information
aeneasr authored Jul 18, 2024
1 parent 5494942 commit 471f7d6
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 4 deletions.
2 changes: 1 addition & 1 deletion logrusx/helper.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ func (l *Logger) HTTPHeadersRedacted(h http.Header) map[string]interface{} {

for key, value := range h {
keyLower := strings.ToLower(key)
if keyLower == "authorization" || keyLower == "cookie" || keyLower == "set-cookie" {
if keyLower == "authorization" || keyLower == "cookie" || keyLower == "set-cookie" || keyLower == "x-session-token" {
headers[keyLower] = l.maybeRedact(value)
} else {
headers[keyLower] = h.Get(key)
Expand Down
19 changes: 16 additions & 3 deletions logrusx/logrus_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ var fakeRequest = &http.Request{
"X-Request-Id": {"id1234"},
"Accept": {"application/json"},
"Set-Cookie": {"kratos_session=2198ef09ac09d09ff098dd123ab128353"},
"Cookie": {"kratos_cookie=2198ef09ac09d09ff098dd123ab128353"},
"X-Session-Token": {"2198ef09ac09d09ff098dd123ab128353"},
"Authorization": {"Bearer 2198ef09ac09d09ff098dd123ab128353"},
},
Body: nil,
Host: "127.0.0.1:63232",
Expand Down Expand Up @@ -186,9 +189,19 @@ func TestTextLogger(t *testing.T) {
},
},
{
l: New("logrusx-server", "v0.0.1", ForceFormat("text"), ForceLevel(logrus.DebugLevel)),
expect: []string{"set-cookie:Value is sensitive and has been redacted. To see the value set config key \"log.leak_sensitive_values = true\" or environment variable \"LOG_LEAK_SENSITIVE_VALUES=true\"."},
notExpect: []string{"set-cookie:kratos_session=2198ef09ac09d09ff098dd123ab128353"},
l: New("logrusx-server", "v0.0.1", ForceFormat("text"), ForceLevel(logrus.DebugLevel)),
expect: []string{
"set-cookie:Value is sensitive and has been redacted. To see the value set config key \"log.leak_sensitive_values = true\" or environment variable \"LOG_LEAK_SENSITIVE_VALUES=true\".",
`cookie:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`,
`x-session-token:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`,
`authorization:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`,
},
notExpect: []string{
"set-cookie:kratos_session=2198ef09ac09d09ff098dd123ab128353",
"cookie:kratos_cookie=2198ef09ac09d09ff098dd123ab128353",
"x-session-token:2198ef09ac09d09ff098dd123ab128353",
"authorization:Bearer 2198ef09ac09d09ff098dd123ab128353",
},
call: func(l *Logger) {
l.WithRequest(fakeRequest).Debug()
},
Expand Down

0 comments on commit 471f7d6

Please sign in to comment.