
Merge pull request #207 from TomasHofman/logging-message-sanitization
Sanitize log message - remove Authorization HTTP header values
rhusar committed Feb 1, 2024
2 parents 2fa2951 + 6d69974 commit 04189c9
Showing 3 changed files with 44 additions and 1 deletion.
19 changes: 19 additions & 0 deletions src/main/java/org/jgroups/protocols/kubernetes/Utils.java
Expand Up @@ -11,6 +11,7 @@
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.logging.Level;
Expand Down Expand Up @@ -155,5 +156,23 @@ public static void close(AutoCloseable cl) {
}
}

/**
* Sanitizes a map of HTTP headers - all entries where the key equals "Authorization" (case-insensitive) are
* overridden to mask the original authorization data.
*
* @param headers HTTP header map
* @return map where all "Authorization" entries are masked
*/
public static Map<String, String> sanitizeHttpHeaders(Map<String, String> headers) {
HashMap<String, String> newHeaders = new HashMap<>(headers);
// Iterate over all keys to find all case combinations
newHeaders.keySet().forEach(key -> {
if (key != null && key.equalsIgnoreCase("Authorization")) {
newHeaders.put(key, "***");
}
});
return newHeaders;
}

private Utils() {}
}
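Review bot: sanitizeHttpHeaders throws NullPointerException for a null headers map, because `new HashMap<>(headers)` dereferences it, and the new call in BaseStreamProvider.openConnection runs before that method's existing `if (headers != null)` check, so with FINE logging enabled a call that passes null headers now fails where the old code simply logged "null". A guard at the top of the method, `if (headers == null) return Map.of();`, keeps the call site safe without changing the return type. The masking loop can also be expressed as `newHeaders.replaceAll((k, v) -> k != null && k.equalsIgnoreCase("Authorization") ? "***" : v);`, which reads more directly than a put inside keySet().forEach (the put on an existing key is not a structural modification, so the current form is correct, just indirect). It may also be worth masking Proxy-Authorization under the same rule, since it carries credentials in the same way.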
@@ -1,5 +1,7 @@
package org.jgroups.protocols.kubernetes.stream;

import org.jgroups.protocols.kubernetes.Utils;

import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
Expand All @@ -12,7 +14,8 @@ public abstract class BaseStreamProvider implements StreamProvider {

public URLConnection openConnection(String url, Map<String, String> headers, int connectTimeout, int readTimeout) throws IOException {
if (log.isLoggable(Level.FINE)) {
log.log(Level.FINE, String.format("%s opening connection: url [%s], headers [%s], connectTimeout [%s], readTimeout [%s]", getClass().getSimpleName(), url, headers, connectTimeout, readTimeout));
log.log(Level.FINE, String.format("%s opening connection: url [%s], headers [%s], connectTimeout [%s], readTimeout [%s]",
getClass().getSimpleName(), url, Utils.sanitizeHttpHeaders(headers), connectTimeout, readTimeout));
}
URLConnection connection = new URL(url).openConnection();
if (headers != null) {
21 changes: 21 additions & 0 deletions src/test/java/org/jgroups/protocols/kubernetes/UtilsTest.java
@@ -0,0 +1,21 @@
package org.jgroups.protocols.kubernetes;

import org.assertj.core.api.Assertions;
import org.junit.Test;

import java.util.Map;

public class UtilsTest {

@Test
public void testSanitizeHttpHeaders() {
Map<String, String> sanitized = Utils.sanitizeHttpHeaders(Map.of(
"Host", "jgroups.org",
"Authorization", "Basic abcd",
"authorization", "Bearer abcd"
));
Assertions.assertThat(sanitized.get("Host")).isEqualTo("jgroups.org");
Assertions.assertThat(sanitized.get("Authorization")).isEqualTo("***");
Assertions.assertThat(sanitized.get("authorization")).isEqualTo("***");
}
}
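Review bot: The test does not cover a null headers argument or a mixed-case key such as "AUTHORIZATION", so the case-insensitivity the Javadoc promises is only checked for two spellings and the null contract is left undefined. A third assertion on a key like "AUTHORIZATION" and a dedicated case for null input (pinning whichever behaviour sanitizeHttpHeaders is meant to have) would close both gaps. Using Map.of() as input also implicitly checks that the original map is not mutated, which deserves a comment such as `// Map.of() is immutable: any in-place mutation would throw here`.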
