2 лет назад · 9708a02680
--- a/apps/emqx_utils/src/emqx_utils.erl
+++ b/apps/emqx_utils/src/emqx_utils.erl
@@ -616,9 +616,6 @@ try_to_existing_atom(Convert, Data, Encoding) ->
 
				         _:Reason -> {error, Reason}
			
 
				     end.
			
 
				 
			
 
				-is_sensitive_key(authorization) -> true;
			
 
				-is_sensitive_key("authorization") -> true;
			
 
				-is_sensitive_key(<<"authorization">>) -> true;
			
 
				 is_sensitive_key(aws_secret_access_key) -> true;
			
 
				 is_sensitive_key("aws_secret_access_key") -> true;
			
 
				 is_sensitive_key(<<"aws_secret_access_key">>) -> true;
			
@@ -643,7 +640,10 @@ is_sensitive_key(<<"token">>) -> true;
 
				 is_sensitive_key(jwt) -> true;
			
 
				 is_sensitive_key("jwt") -> true;
			
 
				 is_sensitive_key(<<"jwt">>) -> true;
			
 
				-is_sensitive_key(_) -> false.
			
 
				+is_sensitive_key(authorization) -> true;
			
 
				+is_sensitive_key("authorization") -> true;
			
 
				+is_sensitive_key(<<"authorization">>) -> true;
			
 
				+is_sensitive_key(Key) -> is_authorization(Key).
			
 
				 
			
 
				 redact(Term) ->
			
 
				     do_redact(Term, fun is_sensitive_key/1).
			
@@ -707,6 +707,19 @@ do_is_redacted(K, <<?REDACT_VAL>>, Fun) ->
 
				 do_is_redacted(_K, _V, _Fun) ->
			
 
				     false.
			
 
				 
			
 
				+%% This is ugly, however, the authorization is case-insensitive,
			
 
				+%% the best way is to check chars one by one and quickly exit when any position is not equal,
			
 
				+%% but in Erlang, this may not perform well, so here only check the first one
			
 
				+is_authorization([Cap | _] = Key) when Cap == $a; Cap == $A ->
			
 
				+    is_authorization2(Key);
			
 
				+is_authorization(<<Cap, _/binary>> = Key) when Cap == $a; Cap == $A ->
			
 
				+    is_authorization2(erlang:binary_to_list(Key));
			
 
				+is_authorization(_Any) ->
			
 
				+    false.
			
 
				+
			
 
				+is_authorization2(Str) ->
			
 
				+    "authorization" == string:to_lower(Str).
			
 
				+
			
 
				 -ifdef(TEST).
			
 
				 -include_lib("eunit/include/eunit.hrl").
			
 
				 
			
@@ -777,6 +790,23 @@ redact2_test_() ->
 
				     Keys = [secret, passcode],
			
 
				     [{case_name(atom, Key), fun() -> Case(Key, Checker) end} || Key <- Keys].
			
 
				 
			
 
				+redact_is_authorization_test_() ->
			
 
				+    Types = [string, binary],
			
 
				+    Keys = ["auThorization", "Authorization", "authorizaTion"],
			
 
				+
			
 
				+    Case = fun(Type, Key0) ->
			
 
				+        Key =
			
 
				+            case Type of
			
 
				+                binary ->
			
 
				+                    erlang:list_to_binary(Key0);
			
 
				+                _ ->
			
 
				+                    Key0
			
 
				+            end,
			
 
				+        ?assert(is_sensitive_key(Key))
			
 
				+    end,
			
 
				+
			
 
				+    [{case_name(Type, Key), fun() -> Case(Type, Key) end} || Key <- Keys, Type <- Types].
			
 
				+
			
 
				 case_name(Type, Key) ->
			
 
				     lists:concat([Type, "-", Key]).
			
 
				 
			
--- a/changes/ce/fix-11134.en.md
+++ b/changes/ce/fix-11134.en.md
@@ -0,0 +1 @@
 
				+Fix the value of the uppercase `authorization` header is not obfuscated.
		`@@ -0,0 +1 @@`
		+Fix the value of the uppercase `authorization` header is not obfuscated.