Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logging: Fix cookie filter #4943

Merged
merged 1 commit into from
Aug 9, 2022
Merged

logging: Fix cookie filter #4943

merged 1 commit into from
Aug 9, 2022

Conversation

francislavoie
Copy link
Member

Fix #4941

The implementation wasn't correct. Headers in logs are actually of type caddyhttp.LoggableStringArray, but the implementation was trying to read it from in.String which only works if the logged field is actually a string; it's not, so we need to use in.Interface and type assert it.

The test was also incorrect for the same reason. I think the tests were written with the assumption that the logs actually work a certain way, but they don't in reality.

Tested with the following Caddyfile, with this command curl -v -H'Cookie: myvalue=1; sessionid=ST1LLh3r3' http://localhost:8883

{
    debug
    admin off
    servers {
        log_credentials
    }
}

:8883 {
    log {
        format filter {
            wrap json
            fields {
                request>headers>Cookie cookie {
                    replace sessionid REDACTED
                }
            }
        }
    }
}

@francislavoie
logging: Fix cookie filter
6f60a00 
Fix #4941

The implementation wasn't correct. Headers in logs are actually of type `caddyhttp.LoggableStringArray`, but the implementation was trying to read it from `in.String` which only works if the logged field is actually a string; it's not, so we need to use `in.Interface` and type assert it.

The test was also incorrect for the same reason. I think the tests were written with the assumption that the logs actually work a certain way, but they don't in reality.

Tested with the following Caddyfile, with this command `curl -v -H'Cookie: myvalue=1; sessionid=ST1LLh3r3' http://localhost:8883`

```
{
    debug
    admin off
    servers {
        log_credentials
    }
}

:8883 {
    log {
        format filter {
            wrap json
            fields {
                request>headers>Cookie cookie {
                    replace sessionid REDACTED
                }
            }
        }
    }
}
```
@francislavoie francislavoie added the bug 🐞 Something isn't working label Aug 8, 2022
@francislavoie francislavoie added this to the v2.5.3 milestone Aug 8, 2022
mholt
mholt approved these changes Aug 9, 2022
View reviewed changes
Copy link
Member

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, very subtle. Yikes. Thanks for the investigation and the patch!

@mholt mholt merged commit fe61209 into master Aug 9, 2022
@francislavoie francislavoie deleted the fix-cookie-filter branch August 9, 2022 01:28
WilczynskiT pushed a commit to WilczynskiT/caddy that referenced this pull request Aug 17, 2022
@francislavoie
logging: Fix cookie filter (caddyserver#4943)
1586687
@mholt mholt modified the milestones: v2.6.0-beta.1, v2.6.0 Sep 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mholt mholt mholt approved these changes

Assignees
No one assigned
Labels
bug 🐞 Something isn't working
Projects
None yet
Milestone
v2.6.0
Development

Successfully merging this pull request may close these issues.

Unable to edit Cookie in logs
2 participants
@francislavoie @mholt