Add Authorization Bearer token pattern #124
Pull Request Overview
Introduces support for redacting `Authorization: Bearer <token>` headers in the logging middleware.
- Adds a case-insensitive regex to `lib/patterns/default.rb` to match and redact bearer tokens.
- Expands `spec/lib/redacting_logger_spec.rb` with a test case ensuring the new header is redacted.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
File | Description |
---|---|
lib/patterns/default.rb | Adds a regex pattern for case-insensitive Authorization: Bearer token redaction |
spec/lib/redacting_logger_spec.rb | Adds a test case to verify redaction of the bearer header |
Comments suppressed due to low confidence (1)
spec/lib/redacting_logger_spec.rb:166
- It may be useful to add a test case for a lowercase `authorization: bearer` header to ensure the pattern's case-insensitivity is correctly applied.
message: '-H "Authorization: Bearer ab123456789a1abcd1~_.-+456ABCDE=" -H "Content-Type: application/json"',
Thanks for upstreaming this @rewinfrey.
@rewinfrey thank you very much for upstreaming these changes and helping to improve this gem! 🙇 ❤️
Pulled out from https://github.com/github/blackbird-mw/pull/3756.
This adds a regex pattern for redacting `Authorization: Bearer <token>`.
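A sketch of the kind of redaction this PR describes, added here as an example and not taken from the gem: `BEARER_HEADER`, `REDACTED` and `redact_bearer` are assumed names, and the token character class follows the RFC 6750 `b64token` grammar rather than the pattern actually added to `lib/patterns/default.rb`. It covers the lowercase header case raised in the suppressed review comment.

```ruby
# Added illustration. BEARER_HEADER is an assumed pattern, not the entry
# this PR adds to lib/patterns/default.rb.
# Group 1 keeps the header name and scheme; the token part follows the
# RFC 6750 b64token grammar:
#   1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
BEARER_HEADER = %r{(authorization\s*:\s*bearer\s+)[a-z0-9\-._~+/]+=*}i
REDACTED = "[REDACTED]"

# Replace only the token, so the log line still shows that a bearer
# credential was sent and in what casing the header arrived.
def redact_bearer(message)
  message.gsub(BEARER_HEADER) { "#{Regexp.last_match(1)}#{REDACTED}" }
end

# Constructed sample log messages (the first reuses the spec message quoted above).
SAMPLES = [
  '-H "Authorization: Bearer ab123456789a1abcd1~_.-+456ABCDE=" -H "Content-Type: application/json"',
  'authorization: bearer abc.def.ghi',
  'AUTHORIZATION:Bearer   tok/en+1== trailing text',
  'Content-Type: application/json'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |line| puts redact_bearer(line) }
end
```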