From 911d1e940ce91e6b17d93dcfd8cbe9d47eded08c Mon Sep 17 00:00:00 2001
From: Vignesh Shanmugam
Date: Fri, 16 Jul 2021 07:38:20 -0700
Subject: [PATCH] [Heartbeat] redact authorization headers from logger (#26892)
* [Heartbeat] redact authorization headers from logger
* add proxy-auth headers to the list
(cherry picked from commit 3598bd8d5bcf61e31cd7d81b8d2af4611b324b4a)
---
 libbeat/common/config_test.go | 22 ++++++++++++++++++++++
 libbeat/common/logging.go | 6 +++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/libbeat/common/config_test.go b/libbeat/common/config_test.go
index 5c579a6e012..f3ccebcc550 100644
--- a/libbeat/common/config_test.go
+++ b/libbeat/common/config_test.go
@@ -75,6 +75,28 @@ func TestConfigPrintDebug(t *testing.T) {
 }
 ]
 }
+`,
+ },
+ {
+ "config selector redacts authorization headers",
+ "config",
+ map[string]interface{}{
+ "config": map[string]interface{}{
+ "headers": map[string]interface{}{
+ "Authorization": "secret1",
+ "authorization": "secret2",
+ },
+ },
+ },
+ `test:
+{
+ "config": {
+ "headers": {
+ "Authorization": "xxxxx",
+ "authorization": "xxxxx"
+ }
+ }
+}
 `,
 },
 {
diff --git a/libbeat/common/logging.go b/libbeat/common/logging.go
index 2c5f656abd4..54a41da0709 100644
--- a/libbeat/common/logging.go
+++ b/libbeat/common/logging.go
@@ -17,6 +17,8 @@
 package common
+import "strings"
+
 var maskList = MakeStringSet(
 "password",
 "passphrase",
@@ -27,13 +29,15 @@ var maskList = MakeStringSet(
 "urls",
 "host",
 "hosts",
+ "authorization",
+ "proxy-authorization",
 )
 func applyLoggingMask(c interface{}) {
 switch cfg := c.(type) {
 case map[string]interface{}:
 for k, v := range cfg {
- if maskList.Has(k) {
+ if maskList.Has(strings.ToLower(k)) {
 if arr, ok := v.([]interface{}); ok {
 for i := range arr {
 arr[i] = "xxxxx"
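Review bot: The new case in TestConfigPrintDebug (libbeat/common/config_test.go) feeds only `Authorization` and `authorization` through the printer, so the `proxy-authorization` entry that the same commit adds to maskList is not exercised by any assertion. Adding `"Proxy-Authorization": "secret3",` to the input headers map and the matching `"Proxy-Authorization": "xxxxx"` line to the expected output would pin it. A fully upper-case spelling would also show that the lookup is case-insensitive rather than matching two fixed forms. The test table itself starts and ends outside this hunk.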
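Review bot: In the second hunk of libbeat/common/logging.go, `maskList.Has(strings.ToLower(k))` makes every maskList entry implicitly lower-case-only, and nothing at the declaration says so: an entry added later with a capital letter would never match, and its value would reach the log unredacted. A comment on the declaration would make the contract explicit, for example `// maskList entries must be lower-case: applyLoggingMask lower-cases each key before the lookup.` Matching is still by exact key name, so credential-bearing headers under other names (cookies, custom API-key headers) are printed unless they appear in the part of the list that lies outside the hunks. The body of applyLoggingMask continues past the end of this hunk.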