diff --git a/http/transport/dump_round_tripper_test.go b/http/transport/dump_round_tripper_test.go
index d3d16151c..65d180215 100644
--- a/http/transport/dump_round_tripper_test.go
+++ b/http/transport/dump_round_tripper_test.go
@@ -82,6 +82,30 @@ func TestNewDumpRoundTripperRedacted(t *testing.T) {
 assert.Contains(t, out.String(), `"message":"HTTP Transport Dump"`)
 }
 
+func TestNewDumpRoundTripperRedactedBasicAuth(t *testing.T) {
+ out := &bytes.Buffer{}
+ ctx := log.Output(out).WithContext(context.Background())
+
+ rt := NewDumpRoundTripper(
+ DumpRoundTripperOptionRequest,
+ DumpRoundTripperOptionResponse,
+ DumpRoundTripperOptionBody,
+ )
+
+ req := httptest.NewRequest("GET", "/foo", bytes.NewBufferString("Authorization: Basic ZGVtbzpwQDU1dzByZA=="))
+ ctx = redact.Default.WithContext(ctx)
+ req = req.WithContext(ctx)
+ rt.SetTransport(&transportWithResponse{})
+
+ _, err := rt.RoundTrip(req)
+ assert.NoError(t, err)
+
+ assert.Contains(t, out.String(), `"level":"debug"`)
+ assert.Contains(t, out.String(), `"request":"GET /foo HTTP/1.1\r\nHost: example.com\r\n\r\n*************************************ZA=="`)
+ assert.Contains(t, out.String(), `"response":"HTTP/0.0 000 status code 0\r\nContent-Length: 0\r\n\r\n"`)
+ assert.Contains(t, out.String(), `"message":"HTTP Transport Dump"`)
+}
+
 func TestNewDumpRoundTripperSimple(t *testing.T) {
 out := &bytes.Buffer{}
 ctx := log.Output(out).WithContext(context.Background())
diff --git a/pkg/redact/pattern.go b/pkg/redact/pattern.go
index dab5aa598..e64e79036 100644
--- a/pkg/redact/pattern.go
+++ b/pkg/redact/pattern.go
@@ -18,6 +18,7 @@ var AllPatterns = []*regexp.Regexp{
 PatternCCDinersClub,
 PatternCCDiscover,
 PatternCCJCB,
+ PatternBasicAuthBase64,
 }
 
 var (
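Review bot: In TestNewDumpRoundTripperRedactedBasicAuth the `Authorization: Basic …` text is passed as the request body (`bytes.NewBufferString(...)`), so no Authorization header is ever set and the test only shows that a credential echoed in a body is masked. Assuming the dump includes request headers, as the `Host:` line in the expected output suggests, add a request with `req.Header.Set("Authorization", "Basic ZGVtbzpwQDU1dzByZA==")` and assert with `assert.NotContains(t, out.String(), "ZGVtbzpwQDU1dzBy")` that the encoded credential never reaches the log. The expected string also keeps `ZA==` in clear, which is the tail of the encoded credential and decodes to the last character of the password. It is worth confirming that this partial reveal is intended for this pattern.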
@@ -49,4 +50,7 @@ var (
 
 // PatternJWT JsonWebToken
 PatternJWT = regexp.MustCompile(`(?:ey[a-zA-Z0-9=_-]+\.){2}[a-zA-Z0-9=_-]+`)
+
+ //PatternBasicAuthBase match any: Basic YW55IGNhcm5hbCBwbGVhcw== does not validate base64 string
+ PatternBasicAuthBase64 = regexp.MustCompile(`Authorization: Basic ([a-zA-Z0-9=]*)`)
 )
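Review bot: The character class in PatternBasicAuthBase64 omits `+` and `/`, both part of the standard base64 alphabet, so the match stops at the first such character and the rest of the encoded credential stays unredacted in the log. The literal `Basic` is also matched case-sensitively although the auth scheme is case-insensitive, and `*` lets the pattern match an empty credential. I would change the expression to `(?i)Authorization: Basic ([a-zA-Z0-9+/=]+)`. The comment names `PatternBasicAuthBase` rather than the variable and should read `// PatternBasicAuthBase64 matches an "Authorization: Basic <credentials>" line; the credentials are not validated as base64.` The enclosing `var (` block starts outside this hunk.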