Don't use GetRawData for logging (#10450)

StekPerepolnen · web-flow · commit b390c9dba192 · 2024-10-15T20:24:48.000+02:00
diff --git a/ydb/core/fq/libs/compute/ydb/control_plane/monitoring_rest_client_actor.cpp b/ydb/core/fq/libs/compute/ydb/control_plane/monitoring_rest_client_actor.cpp
@@ -56,7 +56,7 @@ class TMonitoringRestServiceActor : public NActors::TActor<TMonitoringRestServic
                 .Build()
         );
         auto ticket = CredentialsProvider->GetAuthInfo();
-        LOG_D(httpRequest->GetRawData() << " using ticket " << NKikimr::MaskTicket(ticket));
+        LOG_D(httpRequest->GetObfuscatedData() << " using ticket " << NKikimr::MaskTicket(ticket));
         httpRequest->Set("Authorization", ticket);
 
         auto httpSenderId = Register(NYql::NDq::CreateHttpSenderActor(SelfId(), HttpProxyId, NYql::NDq::THttpSenderRetryPolicy::GetNoRetryPolicy()));
@@ -83,7 +83,7 @@ class TMonitoringRestServiceActor : public NActors::TActor<TMonitoringRestServic
             forwardResponse->Issues.AddIssue(error);
             Send(request->Sender, forwardResponse.release(), 0, request->Cookie);
             return;
-        }        
+        }
 
         try {
             NJson::TJsonReaderConfig jsonConfig;
diff --git a/ydb/library/actors/http/http.h b/ydb/library/actors/http/http.h
@@ -199,11 +199,13 @@ class THttpResponse {
 
 template <typename HeaderType, typename BufferType>
 class THttpBase : public HeaderType, public BufferType {
-public:
+protected:
+    // Returns raw, non-obfuscated data
     TStringBuf GetRawData() const {
         return TStringBuf(BufferType::Data(), BufferType::Size());
     }
 
+public:
     TString GetObfuscatedData() const {
         THeaders headers(HeaderType::Headers);
         TStringBuf authorization(headers["Authorization"]);
diff --git a/ydb/mvp/oidc_proxy/oidc_protected_page.cpp b/ydb/mvp/oidc_proxy/oidc_protected_page.cpp
@@ -53,7 +53,7 @@ void THandlerSessionServiceCheck::HandleProxy(NHttp::TEvHttpProxy::TEvHttpIncomi
         }
     } else {
         static constexpr size_t MAX_LOGGED_SIZE = 1024;
-        LOG_DEBUG_S(ctx, EService::MVP, "Can not process request to protected resource:\n" << event->Get()->Request->GetRawData().substr(0, MAX_LOGGED_SIZE));
+        LOG_DEBUG_S(ctx, EService::MVP, "Can not process request to protected resource:\n" << event->Get()->Request->GetObfuscatedData().substr(0, MAX_LOGGED_SIZE));
         httpResponse = CreateResponseForNotExistingResponseFromProtectedResource(event->Get()->GetError());
     }
     ctx.Send(Sender, new NHttp::TEvHttpProxy::TEvHttpOutgoingResponse(httpResponse));

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ void THandlerSessionServiceCheck::HandleProxy(NHttp::TEvHttpProxy::TEvHttpIncomi`
`53`	`53`	`}`
`54`	`54`	`} else {`
`55`	`55`	`static constexpr size_t MAX_LOGGED_SIZE = 1024;`
`56`		`- LOG_DEBUG_S(ctx, EService::MVP, "Can not process request to protected resource:\n" << event->Get()->Request->GetRawData().substr(0, MAX_LOGGED_SIZE));`
	`56`	`+ LOG_DEBUG_S(ctx, EService::MVP, "Can not process request to protected resource:\n" << event->Get()->Request->GetObfuscatedData().substr(0, MAX_LOGGED_SIZE));`
`57`	`57`	`httpResponse = CreateResponseForNotExistingResponseFromProtectedResource(event->Get()->GetError());`
`58`	`58`	`}`
`59`	`59`	`ctx.Send(Sender, new NHttp::TEvHttpProxy::TEvHttpOutgoingResponse(httpResponse));`