bugsnag-java
Request tab includes cookies
Expected behavior
Cookies are filtered from request headers metadata, as Cookie is included in the default filters.
Observed behavior
Request tab contains a headers map with cookie present.
Steps to reproduce
We’re using bugsnag-spring with Spring Boot 2.0.9 and Tomcat 9.0.30.
Version
3.6.1
Additional information
It looks like the issue is that the underlying servlet implementation stores header keys case-insensitively, so the default Cookie filter does not match. When it comes to filtering, I think it would make sense to make all comparisons case-insensitive, so that a filter for "password" matches "USER_PASSWORD", "adminPassword", etc.
Based on #113, it seems that the current case-sensitivity is intentional, but it’s unclear to me why it’s desired.
Hi @eager - thanks for the report. We are considering making this configuration option capable of taking regexes, which should meet your needs.
We are considering making this configuration option capable of taking regexes, which should meet your needs.
@phillipsam good to know! Would (case-insensitive) regexes be the default, and would the defaults include the 4 current filters?
Hi @eager - case-insensitive regexes would be fine, and I think it would make sense to include the 4 current filters.
We've designed a new API for redacting metadata values, which hasn't been scheduled for implementation on bugsnag-java yet. I can sketch out some of the details here if that would help #153:
redactedKeys
// Configuration.java
Collection<String> getRedactedKeys();
void setRedactedKeys(Collection<String> redactedKeys);
The requirements would be:
- values in the redactedKeys property should be compiled into a regex
- keys in MetaData should be matched against the values of redactedKeys and replaced with a placeholder string "[REDACTED]" if any key matches
- the filters property should be marked as deprecated and direct callers to use redactedKeys instead
If you have any questions about this please let me know.
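The requirements listed above, worked through as an added Java example; this is not bugsnag-java code. The class and method names (RedactedKeysDemo, compile, redact) are hypothetical, and case-insensitive partial matching plus recursion into nested maps are assumptions taken from the discussion in this thread, not from a published design.

```java
import java.util.*;
import java.util.regex.Pattern;

public class RedactedKeysDemo {
    static final String PLACEHOLDER = "[REDACTED]";

    // Compile each configured key into a case-insensitive regex (assumed semantics).
    static List<Pattern> compile(Collection<String> redactedKeys) {
        List<Pattern> patterns = new ArrayList<>();
        for (String key : redactedKeys) {
            patterns.add(Pattern.compile(key, Pattern.CASE_INSENSITIVE));
        }
        return patterns;
    }

    // Return a copy of the metadata with the value of every matching key replaced.
    static Map<String, Object> redact(Map<String, Object> metadata, List<Pattern> patterns) {
        Map<String, Object> out = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : metadata.entrySet()) {
            boolean hit = false;
            for (Pattern p : patterns) {
                // find() gives partial matches, so "password" also covers "adminPassword".
                if (p.matcher(e.getKey()).find()) { hit = true; break; }
            }
            Object value = e.getValue();
            if (hit) {
                out.put(e.getKey(), PLACEHOLDER);
            } else if (value instanceof Map) {
                @SuppressWarnings("unchecked")
                Map<String, Object> nested = (Map<String, Object>) value;
                out.put(e.getKey(), redact(nested, patterns));
            } else {
                out.put(e.getKey(), value);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: the header name is lower-cased, as in the report above.
        Map<String, Object> headers = new LinkedHashMap<>();
        headers.put("cookie", "JSESSIONID=constructed-sample");
        headers.put("user-agent", "demo");
        Map<String, Object> request = new LinkedHashMap<>();
        request.put("headers", headers);
        request.put("adminPassword", "constructed-sample");

        // A case-sensitive comparison against "Cookie" misses the lower-cased key.
        System.out.println("case-sensitive hit: " + "cookie".contains("Cookie"));
        System.out.println(redact(request, compile(Arrays.asList("password", "Cookie"))));
    }
}
```

Because each entry is compiled as a regex, a configured key that contains metacharacters such as "." or "[" would need Pattern.quote to be matched literally.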