root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 83 Packages Projects Releases Wiki Activity
grafana/pkg/util/uri_sanitize.go

55 lines
1.0 KiB
Go
Raw Normal View History

Chore: Remove sensitive information from presigned URLs prior to logging (#87035) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2024-06-24 20:53:42 +08:00
package util
import (
"fmt"
"net/url"
"strings"
)
const masking = "hidden"
var sensitiveQueryChecks = map[string]func(key string, urlValues url.Values) bool{
"auth_token": func(key string, urlValues url.Values) bool {
return true
},
"x-amz-signature": func(key string, urlValues url.Values) bool {
return true
},
"x-goog-signature": func(key string, urlValues url.Values) bool {
return true
},
"sig": func(key string, urlValues url.Values) bool {
for k := range urlValues {
if strings.ToLower(k) == "sv" {
return true
}
}
return false
},
}
func SanitizeURI(s string) (string, error) {
if s == "" {
return s, nil
}
u, err := url.ParseRequestURI(s)
if err != nil {
return "", fmt.Errorf("failed to sanitize URL")
}
// strip out sensitive query strings
urlValues := u.Query()
for key := range urlValues {
lk := strings.ToLower(key)
if checker, ok := sensitiveQueryChecks[lk]; ok {
if checker(key, urlValues) {
urlValues.Set(key, masking)
}
}
}
u.RawQuery = urlValues.Encode()
return u.String(), nil
}