Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(emqx_utils): redact proxy-authorization headers #10994

Merged
merged 1 commit into from Jun 10, 2023
Merged

fix(emqx_utils): redact proxy-authorization headers #10994

merged 1 commit into from Jun 10, 2023

Conversation

sstrigler
Copy link
Contributor

@sstrigler sstrigler commented Jun 9, 2023
edited

Fixes EMQX-10003

Summary

🤖 Generated by Copilot at 2a650be

Enhanced the masking of sensitive keys in emqx_utils:is_sensitive_key/1 and added more tests for it.

PR Checklist

Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:

  • Added tests for the changes
  • Changed lines covered in coverage report
  • Change log has been added to changes/{ce,ee}/(feat|perf|fix)-<PR-id>.en.md files
  • For internal contributor: there is a jira ticket to track this change
  • If there should be document changes, a PR to emqx-docs.git is sent, or a jira ticket is created to follow up
  • Schema changes are backward compatible

@sstrigler sstrigler force-pushed the EMQX-10003-e-5-0-4-auth-header-value-of-webhook-data-bridge-can-be-found-in-emqx-log branch from 2a650be to 0011f92 Compare June 9, 2023 12:36
@sstrigler sstrigler marked this pull request as ready for review June 9, 2023 12:37
@sstrigler sstrigler requested a review from a team as a code owner June 9, 2023 12:37
@sstrigler sstrigler force-pushed the EMQX-10003-e-5-0-4-auth-header-value-of-webhook-data-bridge-can-be-found-in-emqx-log branch from 0011f92 to 57d72ed Compare June 9, 2023 15:14
@zmstone zmstone merged commit f98cdd4 into emqx:master Jun 10, 2023
130 of 131 checks passed
@yanzhiemq
Copy link
Collaborator

yanzhiemq commented Jun 13, 2023
edited by Meggielqk

Bug Fixes

  • Redacted proxy-authorization headers as used by HTTP connector to avoid leaking secrets into log files.

@yanzhiemq
Copy link
Collaborator

yanzhiemq commented Jun 13, 2023
edited

修复

  • 在 HTTP 连接器中,对 proxy-authorization headers 进行了屏蔽处理,以防止将机密信息泄露到日志文件中。

@sstrigler sstrigler deleted the EMQX-10003-e-5-0-4-auth-header-value-of-webhook-data-bridge-can-be-found-in-emqx-log branch October 25, 2023 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmstone zmstone zmstone approved these changes

@thalesmg thalesmg thalesmg approved these changes

@ieQu1 ieQu1 ieQu1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@sstrigler @yanzhiemq @zmstone @thalesmg @ieQu1