diff --git a/common/log_fields.go b/common/log_fields.go index 4cb96ba..4bbed90 100644 --- a/common/log_fields.go +++ b/common/log_fields.go @@ -20,7 +20,6 @@ package common import ( "maps" "slices" - "strings" log "github.com/sirupsen/logrus" ) @@ -46,70 +45,24 @@ var ( } ) -func isSensitiveLogKey(k string) bool { - key := strings.ToLower(k) - return strings.Contains(key, "passphrase") || - strings.Contains(key, "password") || - strings.Contains(key, "passwd") || - strings.Contains(key, "token") || - strings.Contains(key, "authorization") || - strings.Contains(key, "cookie") || - strings.Contains(key, "secret") || - strings.Contains(key, "apikey") || - strings.Contains(key, "api_key") -} - -func sanitizeLogValue(k string, v interface{}) interface{} { - if isSensitiveLogKey(k) { - return "****" - } - - switch ty := v.(type) { - case map[string]string: - redacted := map[string]string{} - for mk, mv := range ty { - if isSensitiveLogKey(mk) || k == "header" { - redacted[mk] = "****" - } else { - redacted[mk] = mv - } - } - return redacted - case map[string]interface{}: - redacted := map[string]interface{}{} - for mk, mv := range ty { - redacted[mk] = sanitizeLogValue(mk, mv) - } - return redacted - case []interface{}: - redacted := make([]interface{}, len(ty)) - for i, iv := range ty { - redacted[i] = sanitizeLogValue(k, iv) - } - return redacted - default: - return ty - } -} - func FilterLogFields(src log.Fields, excludes ...string) log.Fields { fields := log.Fields{} for k, v := range src { switch ty := v.(type) { + case map[string]string: + fields[k] = maps.Clone(ty) + case map[string]interface{}: + fields[k] = maps.Clone(ty) case string: if slices.Contains(nonEmptyFields, k) { if len(ty) > 0 { - fields[k] = sanitizeLogValue(k, ty) + fields[k] = ty } } else { - fields[k] = sanitizeLogValue(k, ty) + fields[k] = ty } - case map[string]string: - fields[k] = sanitizeLogValue(k, maps.Clone(ty)) - case map[string]interface{}: - fields[k] = sanitizeLogValue(k, maps.Clone(ty)) default: - fields[k] = sanitizeLogValue(k, ty) + fields[k] = ty } } diff --git a/http/webconfig_server.go b/http/webconfig_server.go index fe101c1..9bf1a9d 100644 --- a/http/webconfig_server.go +++ b/http/webconfig_server.go @@ -1063,7 +1063,7 @@ func (s *WebconfigServer) ForwardSuccessKafkaMessages(messages []common.EventMes for _, m := range messages { if len(m.DeviceId) != 16 { - log.WithFields(tfields).Warn("invalid device_id") + log.WithFields(tfields).Warn("invalid device_id " + m.DeviceId) continue } mac := m.DeviceId[4:] @@ -1083,8 +1083,8 @@ func (s *WebconfigServer) ForwardSuccessKafkaMessages(messages []common.EventMes } s.Input() <- outMessage - tfields["output_key"] = "****" - tfields["output_body"] = "omitted" + tfields["output_key"] = mac + tfields["output_body"] = m log.WithFields(tfields).Info("send") } } @@ -1093,7 +1093,6 @@ func (s *WebconfigServer) LogToken(xw *XResponseWriter, authorization, token str fields := xw.Audit() fields["logger"] = "token" tfields := common.FilterLogFields(fields) - delete(tfields, "header") var headerMap map[string]string var isObfuscated bool if itf, ok := tfields["header"]; ok { diff --git a/util/dict.go b/util/dict.go index 19e4e8d..f7d234e 100644 --- a/util/dict.go +++ b/util/dict.go @@ -19,7 +19,6 @@ package util import ( "net/http" - "strings" "time" log "github.com/sirupsen/logrus" @@ -211,32 +210,9 @@ func (d Dict) Update(itf interface{}) { } } -func isSafeHeaderKey(key string) bool { - k := strings.ToLower(strings.TrimSpace(key)) - switch k { - case "accept", - "accept-encoding", - "accept-language", - "cache-control", - "connection", - "content-length", - "content-type", - "host", - "pragma", - "user-agent": - return true - default: - return false - } -} - func HeaderToMap(header http.Header) map[string]string { m := make(map[string]string) for k, v := range header { - if !isSafeHeaderKey(k) { - m[k] = "****" - continue - } if len(v) == 0 { m[k] = "" continue diff --git a/util/dict_test.go b/util/dict_test.go index a1ed7c8..a036e34 100644 --- a/util/dict_test.go +++ b/util/dict_test.go @@ -14,7 +14,7 @@ * limitations under the License. * * SPDX-License-Identifier: Apache-2.0 -*/ + */ package util import ( @@ -144,3 +144,15 @@ func TestHeaderToMap(t *testing.T) { m := HeaderToMap(header) assert.DeepEqual(t, m, expected) } + +func TestHeaderToMapEmptyValueSlice(t *testing.T) { + // A header key present with no values should not panic and should map to "". + header := http.Header{ + "Content-Type": {"application/json"}, + "X-Empty": {}, + } + + m := HeaderToMap(header) + assert.Equal(t, m["Content-Type"], "application/json") + assert.Equal(t, m["X-Empty"], "") +}