From 012d5896d8b4d9ce6cd66e6b7c0e9d4d651d03fc Mon Sep 17 00:00:00 2001 From: Xin Liao Date: Sat, 4 Apr 2026 00:00:48 +0800 Subject: [PATCH 1/2] [fix](fe) Mask sensitive headers in stream load logs ### What problem does this PR solve? Issue Number: None Related PR: None Problem Summary: FE stream load REST logs printed full request headers, which could leak Authorization and token values into INFO logs. ### Release note None ### Check List (For Author) - Test: No need to test (log sanitization only; no completed automated test run in this environment) - Behavior changed: No - Does this need documentation: No --- .../java/org/apache/doris/httpv2/rest/LoadAction.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java index bcc917ad012e07..79709d9afa0a1a 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java @@ -671,12 +671,19 @@ private String getAllHeaders(HttpServletRequest request) { Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { String headerName = headerNames.nextElement(); - String headerValue = request.getHeader(headerName); + String headerValue = isSensitiveHeader(headerName) ? "***MASKED***" : request.getHeader(headerName); headers.append(headerName).append(":").append(headerValue).append(", "); } return headers.toString(); } + private boolean isSensitiveHeader(String headerName) { + return "Authorization".equalsIgnoreCase(headerName) + || "Proxy-Authorization".equalsIgnoreCase(headerName) + || "token".equalsIgnoreCase(headerName) + || "Auth-Token".equalsIgnoreCase(headerName); + } + private Backend selectBackendForGroupCommit(String clusterName, HttpServletRequest req, long tableId) throws LoadException { ConnectContext ctx = new ConnectContext(); From 1ad37a32ff3bdf2fbf125edb4effc67971c8cb5b Mon Sep 17 00:00:00 2001 From: Xin Liao Date: Wed, 8 Apr 2026 12:02:18 +0800 Subject: [PATCH 2/2] [fix](fe) Mask cookie headers in stream load logs ### What problem does this PR solve? Issue Number: None Related PR: #62108 Problem Summary: Expand stream load header masking to cover cookie headers and add a regression test for sensitive header masking. ### Release note Mask Cookie and Set-Cookie headers in FE stream load logs. ### Check List (For Author) - Test: FE unit test - ./run-fe-ut.sh --run org.apache.doris.httpv2.rest.LoadActionTest - Behavior changed: Yes (Cookie and Set-Cookie headers are now masked in logs) - Does this need documentation: No --- .../apache/doris/httpv2/rest/LoadAction.java | 2 + .../doris/httpv2/rest/LoadActionTest.java | 49 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 fe/fe-core/src/test/java/org/apache/doris/httpv2/rest/LoadActionTest.java diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java index 79709d9afa0a1a..bea379f4f2860f 100644 --- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java +++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java @@ -680,6 +680,8 @@ private String getAllHeaders(HttpServletRequest request) { private boolean isSensitiveHeader(String headerName) { return "Authorization".equalsIgnoreCase(headerName) || "Proxy-Authorization".equalsIgnoreCase(headerName) + || "Cookie".equalsIgnoreCase(headerName) + || "Set-Cookie".equalsIgnoreCase(headerName) || "token".equalsIgnoreCase(headerName) || "Auth-Token".equalsIgnoreCase(headerName); } diff --git a/fe/fe-core/src/test/java/org/apache/doris/httpv2/rest/LoadActionTest.java b/fe/fe-core/src/test/java/org/apache/doris/httpv2/rest/LoadActionTest.java new file mode 100644 index 00000000000000..28d7cda587c60c --- /dev/null +++ b/fe/fe-core/src/test/java/org/apache/doris/httpv2/rest/LoadActionTest.java @@ -0,0 +1,49 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package org.apache.doris.httpv2.rest; + +import jakarta.servlet.http.HttpServletRequest; +import org.junit.Assert; +import org.junit.Test; +import org.mockito.Mockito; + +import java.lang.reflect.Method; +import java.util.Arrays; +import java.util.Collections; + +public class LoadActionTest { + + @Test + public void testGetAllHeadersMasksSensitiveHeaders() throws Exception { + LoadAction action = new LoadAction(); + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Mockito.when(request.getHeaderNames()).thenReturn(Collections.enumeration(Arrays.asList( + "Authorization", "Cookie", "Set-Cookie", "token", "label"))); + Mockito.when(request.getHeader("label")).thenReturn("load_label"); + + Method method = LoadAction.class.getDeclaredMethod("getAllHeaders", HttpServletRequest.class); + method.setAccessible(true); + String headers = (String) method.invoke(action, request); + + Assert.assertTrue(headers.contains("Authorization:***MASKED***")); + Assert.assertTrue(headers.contains("Cookie:***MASKED***")); + Assert.assertTrue(headers.contains("Set-Cookie:***MASKED***")); + Assert.assertTrue(headers.contains("token:***MASKED***")); + Assert.assertTrue(headers.contains("label:load_label")); + } +}