scrub

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 11, 2024 License: BSD-3-Clause Imports: 4 Imported by: 9

Documentation

Overview

Package scrub defines helpers for removing sensitive data from HTTP headers and URLs to make them safe for logging.

Index

Examples

Constants

This section is empty.

Variables

View Source
var (
	RestrictedHeaders = map[string]bool{
		"cookie":                      true,
		"heroku-authorization-token":  true,
		"heroku-two-factor-code":      true,
		"heroku-umbrella-token":       true,
		"http_authorization":          true,
		"http_heroku_two_factor_code": true,
		"http_x_csrf_token":           true,
		"oauth-access-token":          true,
		"omniauth.auth":               true,
		"set-cookie":                  true,
		"x-csrf-token":                true,
		"x_csrf_token":                true,
		"authorization":               true,
	}
)

The list of HTTP header names that will have their contents scrubbed of sensitive data.

View Source
var (
	RestrictedParams = map[string]bool{
		"access_token":                                true,
		"api_key":                                     true,
		"authenticity_token":                          true,
		"body.trace_chain.0.extra.cookies":            true,
		"body.trace_chain.0.extra.msg":                true,
		"body.trace_chain.0.extra.session.csrf.token": true,
		"bouncer.refresh_token":                       true,
		"bouncer.token":                               true,
		"confirm_password":                            true,
		"fingerprint":                                 true,
		"heroku_oauth_token":                          true,
		"heroku_session_nonce":                        true,
		"heroku_user_session":                         true,
		"key":                                         true,
		"oauth_token":                                 true,
		"old_secret":                                  true,
		"passwd":                                      true,
		"password":                                    true,
		"password_confirmation":                       true,
		"postgres_session_nonce":                      true,
		"private_key":                                 true,
		"request.cookies":                             true,
		"request.cookies.signup-sso-session":          true,
		"request.params._csrf":                        true,
		"request.session._csrf_token":                 true,
		"request.session.csrf.token":                  true,
		"secret":                                      true,
		"secret_token":                                true,
		"sudo_oauth_token":                            true,
		"super_user_session_secret":                   true,
		"token":                                       true,
		"user_session_secret":                         true,
		"www-sso-session":                             true,
	}
)

The list of URL parameter names that will have their contents scrubbed of sensitive data.

Functions

func Header(h http.Header) http.Header

Header removes a subset of "sensitive" HTTP headers as used by parts of Heroku's conventions for API design. The output of this function is safe to be logged except in high-security scenarios.

Example
h := http.Header{
	"Authorization": []string{"Basic hunter2"},
}

scrubbed := Header(h)
val := scrubbed.Get("Authorization") // Will be `Basic [SCRUBBED]`
_ = val                              // do something with `val`
Output:

func URL

func URL(u *url.URL) *url.URL

URL removes a subset of "sensitive" URL parameters as used by parts of Heroku's conventions for API design. The output of this function is safe to be logged except in high-security scenarios.

Example
u, err := url.Parse("https://google.com?api_key=hunter2")
if err != nil {
	log.Fatal(err)
}

su := URL(u)
log.Println(su.String()) // should be `https://google.com?api_key=[SCRUBBED]`
Output:

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL