Codebase list golang-github-bugsnag-bugsnag-go / 58d5e56
Fixes for request query redaction Adam Renberg Tamm 5 years ago
2 changed file(s) with 15 addition(s) and 16 deletion(s).
6161 continue
6262 }
6363
64 values[i] = "FILTERED"
64 values[i] = "BUGSNAG_URL_FILTERED"
6565 changed = true
6666 }
6767 }
6969
7070 if changed {
7171 rawQuery = parsedQuery.Encode()
72 rawQuery = strings.Replace(rawQuery, "BUGSNAG_URL_FILTERED", "[FILTERED]", -1)
7273 }
7374 }
7475
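Review bot: The `strings.Replace` added after `parsedQuery.Encode()` runs over the whole encoded query, so any unfiltered key or value that happens to contain the literal `BUGSNAG_URL_FILTERED` is rewritten to `[FILTERED]` as well; that never exposes a secret, but it misreports the URL, and the reason for the two-step swap is not stated anywhere. I would add a comment above the assignment such as `// Encode() percent-escapes "[" and "]", so write a URL-safe sentinel and swap in "[FILTERED]" after encoding`, and lift the sentinel into a named constant so its two occurrences cannot drift apart. Separately, the test case for an invalid query string (`RawQuery: "%"`) expects the URL back unchanged, which suggests an unparseable query is reported unredacted; if that is so, a secret sitting next to a malformed parameter would reach the report, and masking the whole query on parse failure would be the safer default. The enclosing function starts and ends outside this section, so the parse-error path itself is not visible here.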
5555 }
5656
5757 func TestExtractRequestInfoFromReq_RedactURL(t *testing.T) {
58 testCases := []struct{ in, exp string }{
59 {in: "", exp: "http://example.com"},
60 {in: "/", exp: "http://example.com/"},
61 {in: "/foo.html", exp: "http://example.com/foo.html"},
62 {in: "/foo.html?q=something&bar=123", exp: "http://example.com/foo.html?q=something&bar=123"},
63 {in: "/foo.html?foo=1&foo=2&foo=3", exp: "http://example.com/foo.html?foo=1&foo=2&foo=3"},
58 testCases := []struct {
59 in url.URL
60 exp string
61 }{
62 {in: url.URL{}, exp: "http://example.com"},
63 {in: url.URL{Path: "/"}, exp: "http://example.com/"},
64 {in: url.URL{Path: "/foo.html"}, exp: "http://example.com/foo.html"},
65 {in: url.URL{Path: "/foo.html", RawQuery: "q=something&bar=123"}, exp: "http://example.com/foo.html?q=something&bar=123"},
66 {in: url.URL{Path: "/foo.html", RawQuery: "foo=1&foo=2&foo=3"}, exp: "http://example.com/foo.html?foo=1&foo=2&foo=3"},
6467
6568 // Invalid query string.
66 {in: "/foo?%", exp: "http://example.com/foo?%"},
69 {in: url.URL{Path: "/foo", RawQuery: "%"}, exp: "http://example.com/foo?%"},
6770
6871 // Query params contain secrets
69 {in: "/foo.html?access_token=something", exp: "http://example.com/foo.html?access_token=FILTERED"},
70 {in: "/foo.html?access_token=something&access_token=", exp: "http://example.com/foo.html?access_token=FILTERED&access_token="},
72 {in: url.URL{Path: "/foo.html", RawQuery: "access_token=something"}, exp: "http://example.com/foo.html?access_token=[FILTERED]"},
73 {in: url.URL{Path: "/foo.html", RawQuery: "access_token=something&access_token=&foo=bar"}, exp: "http://example.com/foo.html?access_token=[FILTERED]&access_token=&foo=bar"},
7174 }
7275
7376 for _, tc := range testCases {
74 parsedURL, err := url.Parse(tc.in)
75 if err != nil {
76 t.Fatalf("error parsing originalURI (bad test): %v", err)
77 }
78
7977 req := &http.Request{
8078 Host: "example.com",
81 URL: parsedURL,
79 URL: &tc.in,
8280 }
8381 result := extractRequestInfoFromReq(req)
8482 if result.URL != tc.exp {