
Merge pull request #10994 from sstrigler/EMQX-10003-e-5-0-4-auth-header-value-of-webhook-data-bridge-can-be-found-in-emqx-log

fix(emqx_utils): redact proxy-authorization headers
Zaiming (Stone) Shi 2 years atrás
parent
commit
f98cdd4983
2 changed files with 17 additions and 8 deletions
  1. 16 8
      apps/emqx_utils/src/emqx_utils.erl
  2. 1 0
      changes/ce/fix-10994.en.md

+ 16 - 8
apps/emqx_utils/src/emqx_utils.erl

@@ -600,15 +600,18 @@ try_to_existing_atom(Convert, Data, Encoding) ->
         _:Reason -> {error, Reason}
     end.
 
-is_sensitive_key(token) -> true;
-is_sensitive_key("token") -> true;
-is_sensitive_key(<<"token">>) -> true;
 is_sensitive_key(authorization) -> true;
 is_sensitive_key("authorization") -> true;
 is_sensitive_key(<<"authorization">>) -> true;
+is_sensitive_key(aws_secret_access_key) -> true;
+is_sensitive_key("aws_secret_access_key") -> true;
+is_sensitive_key(<<"aws_secret_access_key">>) -> true;
 is_sensitive_key(password) -> true;
 is_sensitive_key("password") -> true;
 is_sensitive_key(<<"password">>) -> true;
+is_sensitive_key('proxy-authorization') -> true;
+is_sensitive_key("proxy-authorization") -> true;
+is_sensitive_key(<<"proxy-authorization">>) -> true;
 is_sensitive_key(secret) -> true;
 is_sensitive_key("secret") -> true;
 is_sensitive_key(<<"secret">>) -> true;
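Review bot: The added `'proxy-authorization'` clauses, like the existing `authorization` ones, match only the exact lower-case spelling, so a key such as `<<"Proxy-Authorization">>` falls through to `is_sensitive_key(_) -> false` and its value would not be redacted. HTTP header names are case-insensitive, and nothing in this hunk shows callers normalising keys before redaction, so this should be confirmed against the HTTP connector's header handling. If callers do not normalise, lower-case binary and string keys (for example with `string:lowercase/1`) before the clause dispatch, or at minimum state the contract with `%% Keys are compared exactly; callers must lower-case HTTP header names first.` The `Keys` list in the `redact_test_` hunk also holds only lower-case spellings, so a mixed-case case there would pin whichever behaviour is intended. The clause list of `is_sensitive_key/1` continues outside this hunk.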
@@ -618,9 +621,9 @@ is_sensitive_key(<<"secret_key">>) -> true;
 is_sensitive_key(security_token) -> true;
 is_sensitive_key("security_token") -> true;
 is_sensitive_key(<<"security_token">>) -> true;
-is_sensitive_key(aws_secret_access_key) -> true;
-is_sensitive_key("aws_secret_access_key") -> true;
-is_sensitive_key(<<"aws_secret_access_key">>) -> true;
+is_sensitive_key(token) -> true;
+is_sensitive_key("token") -> true;
+is_sensitive_key(<<"token">>) -> true;
 is_sensitive_key(_) -> false.
 
 redact(Term) ->
@@ -731,9 +734,14 @@ redact_test_() ->
 
     Types = [atom, string, binary],
     Keys = [
-        token,
+        authorization,
+        aws_secret_access_key,
         password,
-        secret
+        'proxy-authorization',
+        secret,
+        secret_key,
+        security_token,
+        token
     ],
     [{case_name(Type, Key), fun() -> Case(Type, Key) end} || Key <- Keys, Type <- Types].
 

+ 1 - 0
changes/ce/fix-10994.en.md

@@ -0,0 +1 @@
+Redact `proxy-authorization` headers as used by HTTP connector to not leak secrets into log-files.