Don't log sensitive information from requests

sovity · May 31, 2024 · 3f3b53e · 3f3b53e
1 parent cf0b700
commit 3f3b53e
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/...nnector-core/src/test/java/org/eclipse/edc/connector/core/base/EdcHttpClientImplTest.java b/...nnector-core/src/test/java/org/eclipse/edc/connector/core/base/EdcHttpClientImplTest.java
@@ -106,7 +106,8 @@ void execute_fallback_shouldFailAfterAttemptsExpired_whenResponseFails() {
         var result = client.execute(request, handleResponse());
 
         assertThat(result).matches(Result::failed).extracting(Result::getFailureMessages).asList()
-                .first().asString().matches(it -> it.startsWith("unexpected end of stream on"));
+                .first().asString()
+                .matches(it -> it.startsWith("unexpected end of stream on"));
     }
 
     @Test
@@ -115,14 +116,18 @@ void execute_fallback_shouldRetryIfStatusIsNot2xxOr4xx() {
 
         var request = new Request.Builder()
                 .url("http://localhost:" + port)
+                .header("Authorization", "Sensitive data")
                 .build();
 
         server.when(request(), unlimited()).respond(new HttpResponse().withStatusCode(500));
 
         var result = client.execute(request, List.of(retryWhenStatusNot2xxOr4xx()), handleResponse());
 
         assertThat(result).matches(Result::failed).extracting(Result::getFailureMessages).asList()
-                .first().asString().matches(it -> it.startsWith("Server response to"));
+                .first().asString()
+                .matches(it -> it.startsWith("Server response to"))
+                .matches("")
+                .doesNotMatch(".*Sensitive data.*");
         server.verify(request(), exactly(2));
     }
 
@@ -132,13 +137,16 @@ void execute_fallback_shouldRetryIfStatusIsNotAsExpected() {
 
         var request = new Request.Builder()
                 .url("http://localhost:" + port)
+                .header("Authorization", "Sensitive data")
                 .build();
         server.when(request(), unlimited()).respond(new HttpResponse().withStatusCode(200));
 
         var result = client.execute(request, List.of(retryWhenStatusIsNot(204)), handleResponse());
 
         assertThat(result).matches(Result::failed).extracting(Result::getFailureMessages).asList()
-                .first().asString().matches(it -> it.startsWith("Server response to"));
+                .first().asString()
+                .matches(it -> it.startsWith("Server response to"))
+                .doesNotMatch(".*Sensitive data.*");
         server.verify(request(), exactly(2));
     }
 

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -4,7 +4,7 @@ format.version = "1.1"
 [versions]
 apacheCommonsPool2 = "2.11.1"
 iron-vc = "0.8.1"
-assertj = "3.24.2"
+assertj = "3.26.0"
 atomikos = "6.0.0"
 awaitility = "4.2.0"
 bouncyCastle-jdk18on = "1.76"

diff --git a/spi/common/http-spi/src/main/java/org/eclipse/edc/spi/http/FallbackFactories.java b/spi/common/http-spi/src/main/java/org/eclipse/edc/spi/http/FallbackFactories.java
@@ -38,7 +38,7 @@ static FallbackFactory retryWhenStatusNot2xxOr4xx() {
                 if (response == null) {
                     return new EdcHttpClientException(event.getLastException().getMessage());
                 } else {
-                    return new EdcHttpClientException(format("Server response to %s was not successful but was %s: %s", request, response.code(), response.body().string()));
+                    return new EdcHttpClientException(format("Server response to [%s, %s] was not successful but was %s: %s", request.method(), request.url(), response.code(), response.body().string()));
                 }
             };
             return Fallback.builderOfException(exceptionSupplier)
@@ -59,7 +59,7 @@ static FallbackFactory retryWhenStatusIsNot(int status) {
                 if (response == null) {
                     return new EdcHttpClientException(event.getLastException().getMessage());
                 } else {
-                    return new EdcHttpClientException(format("Server response to %s was not %s but was %s: %s", request, status, response.code(), response.body().string()));
+                    return new EdcHttpClientException(format("Server response to [%s, %s] was not %s but was %s: %s", request.method(), request.url(), status, response.code(), response.body().string()));
                 }
             };
             return Fallback.builderOfException(exceptionSupplier)