Hide sensitive info in HTTP logs

Prevent auth and csp auth tokens from being dumped into logs Signed-off-by: Anna Khmelnitsky <[email protected]>
vmware · Sep 21, 2023 · 7261591 · 7261591
1 parent 9d06ea9
commit 7261591
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/nsxt/provider.go b/nsxt/provider.go
@@ -796,7 +796,14 @@ func (processor logRequestProcessor) Process(req *http.Request) error {
 	if err != nil {
 		log.Fatal(err)
 	}
-	log.Printf("Issuing request towards NSX:\n%s", reqDump)
+
+	// Replace sensitive information in HTTP headers
+	authHeaderRegexp := regexp.MustCompile("(?i)Authorization:.*")
+	cspHeaderRegexp := regexp.MustCompile("(?i)Csp-Auth-Token:.*")
+	replaced := authHeaderRegexp.ReplaceAllString(string(reqDump), "<Omitted Authorization header>")
+	replaced = cspHeaderRegexp.ReplaceAllString(replaced, "<Omitted Csp-Auth-Token header>")
+
+	log.Printf("Issuing request towards NSX:\n%s", replaced)
 	return nil
 }