This repository has been archived by the owner on Apr 20, 2024. It is now read-only.

Merge pull request #75 from raphaelcruzeiro/master
Filter out sensitive data from the HTTP headers
siemensikkema authored Oct 9, 2020
2 parents 0e32f80 + 87c1e33 commit 4f02ae4
Showing 2 changed files with 18 additions and 3 deletions.
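--- a/Sources/Bugsnag/BugsnagReporter.swift
+++ b/Sources/Bugsnag/BugsnagReporter.swift
@@ -102,10 +102,21 @@ extension BugsnagReporter {
 } else {
 eventRequestBody = nil
 }
+
+var headerDict: [String : Any] = request.headers.reduce(into: [:]) { result, value in
+result[value.0] = value.1
+}
+strip(keys: configuration.keyFilters, from: &headerDict)
+
+let filteredHeaders: [(String, String)] = headerDict.compactMap { k, v in
+guard let value = v as? String else { return nil }
+return (k, value)
+}
+
 eventRequest = .init(
 body: eventRequestBody,
 clientIp: request.headers.forwarded.first(where: { $0.for != nil })?.for ?? request.remoteAddress?.hostname,
-headers: .init(uniqueKeysWithValues: request.headers.map { $0 }),
+headers: .init(uniqueKeysWithValues: filteredHeaders),
 httpMethod: request.method.string,
 referer: "n/a",
 url: request.url.string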
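Review bot: `headerDict` is keyed by the header name exactly as it was received (`result[value.0] = value.1`), and HTTP header names are case-insensitive (HTTP/2 sends them lowercased), so unless `strip(keys:from:)`, which is not visible in this hunk, compares case-insensitively, a filter entry of `"Authorization"` may leave an `authorization` header and its token in the report. If it compares exactly, normalise both sides before the lookup, for example by matching `value.0.lowercased()` against the lowercased entries of `configuration.keyFilters`. The `reduce(into:)` also keeps only the last value of a repeated header name, which deserves a comment such as `// repeated header names collapse to the last value sent`. Because redaction only applies to names listed in `keyFilters`, the configuration docs should say that `Authorization`, `Cookie` and `Proxy-Authorization` need to be listed there. The enclosing function starts and ends outside the hunk.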
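--- a/Tests/BugsnagTests/BugsnagTests.swift
+++ b/Tests/BugsnagTests/BugsnagTests.swift
@@ -57,7 +57,7 @@ final class BugsnagTests: XCTestCase {
 app.bugsnag.configuration = .init(
 apiKey: "foo",
 releaseStage: "debug",
-keyFilters: ["email", "password"]
+keyFilters: ["email", "password", "Authorization"]
 )
 app.clients.use(.test)
 
@@ -90,7 +90,9 @@ final class BugsnagTests: XCTestCase {
 application: app,
 method: .POST,
 url: "/test",
-on: app.eventLoopGroup.next()
+headers: [
+"Authorization": "Bearer SupErSecretT0ken!"
+], on: app.eventLoopGroup.next()
 )
 try request.content.encode(vapor)
 try request.bugsnag.report(Abort(.internalServerError, reason: "Oops")).wait()
@@ -103,13 +105,15 @@ final class BugsnagTests: XCTestCase {
 User.self,
 from: Data(payload.events[0].request!.body!.utf8)
 )
+let headers = payload.events[0].request!.headers
 XCTAssertEqual(user.name, "Vapor")
 XCTAssertEqual(user.email, "<hidden>")
 XCTAssertEqual(user.password, "<hidden>")
 XCTAssertEqual(user.user?.name, "Swift")
 XCTAssertEqual(user.user?.email, "<hidden>")
 XCTAssertEqual(user.user?.password, "<hidden>")
 XCTAssertNil(user.user?.user)
+XCTAssertEqual(headers["Authorization"], "<hidden>")
 }
 }
 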
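Review bot: The added check `XCTAssertEqual(headers["Authorization"], "<hidden>")` in the last hunk only covers a header whose name matches the `keyFilters` entry byte for byte, so it would still pass if a request sending `authorization` in lowercase leaked its token into the report. A second request header with different casing, plus one unfiltered header asserted to arrive unchanged, would pin the behaviour this commit is meant to guarantee. The new `payload.events[0].request!.headers` line also force-unwraps; `let headers = try XCTUnwrap(payload.events[0].request).headers` would report a missing request as a test failure instead of crashing the run. The test method starts outside these hunks.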
