From 0936d864a423bf16a265557b11e465cbdd56d82f Mon Sep 17 00:00:00 2001 From: Michael Eischer Date: Wed, 4 Aug 2021 22:19:44 +0200 Subject: [PATCH] redact http authorization header in debug log output --- internal/debug/round_tripper_debug.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/internal/debug/round_tripper_debug.go b/internal/debug/round_tripper_debug.go index 22219f9b7..339c49833 100644 --- a/internal/debug/round_tripper_debug.go +++ b/internal/debug/round_tripper_debug.go @@ -76,6 +76,12 @@ func RoundTripper(upstream http.RoundTripper) http.RoundTripper { } func (tr loggingRoundTripper) RoundTrip(req *http.Request) (res *http.Response, err error) { + // save original auth and redact it + origAuth, hasAuth := req.Header["Authorization"] + if hasAuth { + req.Header["Authorization"] = []string{"**redacted**"} + } + trace, err := httputil.DumpRequestOut(req, false) if err != nil { Log("DumpRequestOut() error: %v\n", err) @@ -83,6 +89,11 @@ func (tr loggingRoundTripper) RoundTrip(req *http.Request) (res *http.Response, Log("------------ HTTP REQUEST -----------\n%s", trace) } + // restore auth + if hasAuth { + req.Header["Authorization"] = origAuth + } + res, err = tr.RoundTripper.RoundTrip(req) if err != nil { Log("RoundTrip() returned error: %v", err)