Handle authorization header sanitization directly in logRequest
lgarber-akamai committed Jan 13, 2025
1 parent 1cfb144 commit 1c7c8e5
Showing 2 changed files with 10 additions and 13 deletions.
20 changes: 7 additions & 13 deletions client.go
Expand Up @@ -293,11 +293,16 @@ func (c *httpClient) logRequest(req *http.Request, method, url string, bodyBuffe
reqBody = "nil"
}

headers := req.Header.Clone()

// Sanitize the header for logging purposes
headers.Set("Authorization", "Bearer *******************************")

var logBuf bytes.Buffer
err := reqLogTemplate.Execute(&logBuf, map[string]interface{}{
"Method": method,
"URL": url,

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by HTTP request headers flows to a logging call.

Check failure

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.
"Headers": req.Header,
"Headers": headers,
"Body": reqBody,
})
if err == nil {
Expand Down Expand Up @@ -699,16 +704,6 @@ func (c *Client) SetHeader(name, value string) {
c.resty.SetHeader(name, value)
}

func (c *Client) enableLogSanitization() *Client {
c.resty.OnRequestLog(func(r *resty.RequestLog) error {
// masking authorization header
r.Header.Set("Authorization", "Bearer *******************************")
return nil
})

return c
}

// NewClient factory to create new Client struct
func NewClient(hc *http.Client) (client Client) {
if hc != nil {
Expand Down Expand Up @@ -755,8 +750,7 @@ func NewClient(hc *http.Client) (client Client) {
SetRetryWaitTime(APISecondsPerPoll * time.Second).
SetPollDelay(APISecondsPerPoll * time.Second).
SetRetries().
SetDebug(envDebug).
enableLogSanitization()
SetDebug(envDebug)

return
}
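Review bot: `headers.Set("Authorization", ...)` in the first hunk writes to the cloned map unconditionally, which panics when `req.Header` is nil (`Header.Clone()` returns nil for a nil header and `Set` writes into a nil map) and otherwise logs a fabricated Bearer header for requests that carried no Authorization at all. Guarding the write covers both cases: `if headers.Get("Authorization") != "" { headers.Set("Authorization", "Bearer *******************************") }`. Only Authorization is masked, so if this client can carry other credential-bearing headers (Proxy-Authorization, Cookie, API-key style headers) the CodeQL clear-text-logging finding still applies to them, and a small list of header names to redact in one loop would close that gap here. The third hunk drops `enableLogSanitization()` from the builder chain while `SetDebug(envDebug)` stays, so if resty's own debug logger still prints request headers when envDebug is set, that path is presumably unmasked now — worth confirming that logRequest is the only place request headers reach a log. logRequest's body begins before and continues after the first hunk.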
3 changes: 3 additions & 0 deletions go.work.sum
Expand Up @@ -47,9 +47,12 @@ golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
