logging: add replace filter for static value replacement (#4029)
This filter is intended for scenarios where you want to redact a value with a static string, so that the logs still show that the field existed and was present without revealing the value itself. This was inspired by work on adding more complete support for removing sensitive values from logs [1]. An example use case is the Authorization header in request log output: its value should usually not be logged, but it can be quite useful for debugging to confirm that the header was present in the request. [1] https://github.com/caddyserver/caddy/issues/3958
parent
2a127ac3d1
commit
f137b82227
2 changed files with 36 additions and 3 deletions
|
@ -5,7 +5,7 @@ log {
|
||||||
format filter {
|
format filter {
|
||||||
wrap console
|
wrap console
|
||||||
fields {
|
fields {
|
||||||
request>headers>Authorization delete
|
request>headers>Authorization replace REDACTED
|
||||||
request>headers>Server delete
|
request>headers>Server delete
|
||||||
request>remote_addr ip_mask {
|
request>remote_addr ip_mask {
|
||||||
ipv4 24
|
ipv4 24
|
||||||
|
@ -30,7 +30,8 @@ log {
|
||||||
"encoder": {
|
"encoder": {
|
||||||
"fields": {
|
"fields": {
|
||||||
"request\u003eheaders\u003eAuthorization": {
|
"request\u003eheaders\u003eAuthorization": {
|
||||||
"filter": "delete"
|
"filter": "replace",
|
||||||
|
"value": "REDACTED"
|
||||||
},
|
},
|
||||||
"request\u003eheaders\u003eServer": {
|
"request\u003eheaders\u003eServer": {
|
||||||
"filter": "delete"
|
"filter": "delete"
|
||||||
|
@ -66,4 +67,4 @@ log {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,6 +25,7 @@ import (
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
caddy.RegisterModule(DeleteFilter{})
|
caddy.RegisterModule(DeleteFilter{})
|
||||||
|
caddy.RegisterModule(ReplaceFilter{})
|
||||||
caddy.RegisterModule(IPMaskFilter{})
|
caddy.RegisterModule(IPMaskFilter{})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -57,6 +58,37 @@ func (DeleteFilter) Filter(in zapcore.Field) zapcore.Field {
|
||||||
return in
|
return in
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ReplaceFilter is a Caddy log field filter that
|
||||||
|
// replaces the field with the indicated string.
|
||||||
|
type ReplaceFilter struct {
|
||||||
|
Value string `json:"value,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CaddyModule returns the Caddy module information.
|
||||||
|
func (ReplaceFilter) CaddyModule() caddy.ModuleInfo {
|
||||||
|
return caddy.ModuleInfo{
|
||||||
|
ID: "caddy.logging.encoders.filter.replace",
|
||||||
|
New: func() caddy.Module { return new(ReplaceFilter) },
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// UnmarshalCaddyfile sets up the module from Caddyfile tokens.
|
||||||
|
func (f *ReplaceFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
||||||
|
for d.Next() {
|
||||||
|
if d.NextArg() {
|
||||||
|
f.Value = d.Val()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Filter filters the input field with the replacement value.
|
||||||
|
func (f *ReplaceFilter) Filter(in zapcore.Field) zapcore.Field {
|
||||||
|
in.Type = zapcore.StringType
|
||||||
|
in.String = f.Value
|
||||||
|
return in
|
||||||
|
}
|
||||||
|
|
||||||
// IPMaskFilter is a Caddy log field filter that
|
// IPMaskFilter is a Caddy log field filter that
|
||||||
// masks IP addresses.
|
// masks IP addresses.
|
||||||
type IPMaskFilter struct {
|
type IPMaskFilter struct {
|
||||||
|
|
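Review bot: `UnmarshalCaddyfile` accepts `replace` with no argument and silently leaves `Value` empty, so a mistyped Caddyfile line logs the field as `""` instead of failing at adapt time; any extra arguments are ignored as well. Rejecting both cases inside the `for d.Next()` loop with `if !d.NextArg() { return d.ArgErr() }` followed by `if d.NextArg() { return d.ArgErr() }` would surface the mistake as a config error. In `Filter`, only `in.Type` and `in.String` are overwritten, so the returned field still carries the original value in `in.Interface` (and `in.Integer`); a string-typed field should not be encoded from those, but adding `in.Interface = nil` and `in.Integer = 0` keeps the redacted secret from travelling any further with the field. The doc comment on `ReplaceFilter` could also state that the field is always emitted as a string, whatever its original type was, since that changes the log schema for consumers of a header array.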