mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-15 15:26:27 +03:00
caddyhttp: Log empty value for typical password headers
Workaround for a common misconfiguration
parent
7f364c777a
commit
7d5047c1f1
1 changed files with 7 additions and 2 deletions
|
@ -17,6 +17,7 @@ package caddyhttp
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"go.uber.org/zap/zapcore"
|
"go.uber.org/zap/zapcore"
|
||||||
)
|
)
|
||||||
|
@ -39,6 +40,8 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoggableHTTPHeader makes an HTTP header loggable with zap.Object().
|
// LoggableHTTPHeader makes an HTTP header loggable with zap.Object().
|
||||||
|
// Headers with potentially sensitive information (Cookie, Authorization,
|
||||||
|
// and Proxy-Authorization) are logged with empty values.
|
||||||
type LoggableHTTPHeader http.Header
|
type LoggableHTTPHeader http.Header
|
||||||
|
|
||||||
// MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.
|
// MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.
|
||||||
|
@ -47,6 +50,10 @@ func (h LoggableHTTPHeader) MarshalLogObject(enc zapcore.ObjectEncoder) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
for key, val := range h {
|
for key, val := range h {
|
||||||
|
switch strings.ToLower(key) {
|
||||||
|
case "cookie", "authorization", "proxy-authorization":
|
||||||
|
val = []string{}
|
||||||
|
}
|
||||||
enc.AddArray(key, LoggableStringArray(val))
|
enc.AddArray(key, LoggableStringArray(val))
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -75,8 +82,6 @@ func (t LoggableTLSConnState) MarshalLogObject(enc zapcore.ObjectEncoder) error
|
||||||
enc.AddUint16("version", t.Version)
|
enc.AddUint16("version", t.Version)
|
||||||
enc.AddUint16("cipher_suite", t.CipherSuite)
|
enc.AddUint16("cipher_suite", t.CipherSuite)
|
||||||
enc.AddString("proto", t.NegotiatedProtocol)
|
enc.AddString("proto", t.NegotiatedProtocol)
|
||||||
// NegotiatedProtocolIsMutual is deprecated - it's always true
|
|
||||||
enc.AddBool("proto_mutual", true)
|
|
||||||
enc.AddString("server_name", t.ServerName)
|
enc.AddString("server_name", t.ServerName)
|
||||||
if len(t.PeerCertificates) > 0 {
|
if len(t.PeerCertificates) > 0 {
|
||||||
enc.AddString("client_common_name", t.PeerCertificates[0].Subject.CommonName)
|
enc.AddString("client_common_name", t.PeerCertificates[0].Subject.CommonName)
|
||||||
|
|
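Review bot: The redaction list in the new `switch strings.ToLower(key)` inside `LoggableHTTPHeader.MarshalLogObject` names only request-side credential headers, so `Set-Cookie` is still logged in full. The type wraps any `http.Header`; if it is also used to log response headers (not visible on this page), newly issued session cookies would reach the log unredacted. Consider `case "cookie", "set-cookie", "authorization", "proxy-authorization":` and adding Set-Cookie to the list in the type's doc comment. Credentials sent in custom headers (API-key style) are not covered either, which the doc comment could state so operators do not assume the log is credential-free. The method body starts before the hunk, so this is based on the visible loop only.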