bugsnag-java

Request tab includes cookies

Open eager opened this issue 4 years ago • 4 comments

Expected behavior

Cookies are filtered from request headers metadata, as Cookie is included in the default filters.

Observed behavior

Request tab contains a headers map with cookie present.

Steps to reproduce

We’re using bugsnag-spring with Spring Boot 2.0.9 and Tomcat 9.0.30.

Version

3.6.1

Additional information

It looks like the issue is that the underlying servlet implementation stores header keys case-insensitively, so the default Cookie filter does not match. When it comes to filtering, I think it would make sense to make all comparisons case-insensitive, so that a filter for "password" matches "USER_PASSWORD", "adminPassword", etc.

eager avatar Jan 27 '20 20:01 eager

Based on #113, it seems that the current case-sensitivity is intentional, but it’s unclear to me why it’s desired.

eager avatar Jan 27 '20 21:01 eager

Hi @eager - thanks for the report. We are considering making this configuration option capable of taking regexes, which should meet your needs.

phillipsam avatar Feb 05 '20 10:02 phillipsam

> We are considering making this configuration option capable of taking regexes, which should meet your needs.

@phillipsam good to know! Would (case-insensitive) regexes be the default, and would the defaults include the 4 current filters?

eager avatar Feb 06 '20 18:02 eager

Hi @eager - case-insensitive regexes would be fine, and I think it would make sense to include the 4 current filters.

We've designed a new API for redacting metadata values, which hasn't been scheduled for implementation on bugsnag-java yet. I can sketch out some of the details here if that would help #153:

redactedKeys

// Configuration.java
Collection<String> getRedactedKeys();
void setRedactedKeys(Collection<String> redactedKeys);

The requirements would be:

  • values in the redactedKeys property should be compiled into a regex
  • keys in MetaData should be matched against the values of redactedKeys and replaced with a placeholder string "[REDACTED]" if any key matches
  • the filters property should be marked as deprecated and direct callers to use redactedKeys instead

If you have any questions about this please let me know.

fractalwrench avatar Feb 10 '20 09:02 fractalwrench
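
The requirements listed in the last comment, sketched as an added example; this is not bugsnag-java code. The class `KeyRedactor` and the sample metadata are hypothetical, and it assumes case-insensitive, partial (`find`) matching as discussed in the thread.

```java
import java.util.*;
import java.util.regex.Pattern;

// Hypothetical helper, not part of bugsnag-java: illustrates the redactedKeys requirements.
public class KeyRedactor {
    static final String PLACEHOLDER = "[REDACTED]";
    private final List<Pattern> patterns = new ArrayList<>();

    KeyRedactor(Collection<String> redactedKeys) {
        for (String key : redactedKeys) {
            // Assumption: each value is compiled as a case-insensitive regex.
            patterns.add(Pattern.compile(key, Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE));
        }
    }

    // find() rather than matches(), so "password" also hits "USER_PASSWORD" and "adminPassword".
    boolean shouldRedact(String key) {
        return key != null && patterns.stream().anyMatch(p -> p.matcher(key).find());
    }

    // Returns a redacted copy; nested maps (e.g. request -> headers) are walked recursively.
    Map<String, Object> redact(Map<String, ?> metadata) {
        Map<String, Object> out = new LinkedHashMap<>();
        for (Map.Entry<String, ?> e : metadata.entrySet()) {
            Object v = e.getValue();
            if (shouldRedact(e.getKey())) {
                out.put(e.getKey(), PLACEHOLDER);
            } else if (v instanceof Map) {
                @SuppressWarnings("unchecked")
                Map<String, ?> nested = (Map<String, ?>) v;
                out.put(e.getKey(), redact(nested));
            } else {
                out.put(e.getKey(), v);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: lower-case header name, as in the observed Request tab.
        Map<String, Object> headers = new LinkedHashMap<>();
        headers.put("cookie", "JSESSIONID=constructed-value");
        headers.put("user-agent", "constructed-agent");
        Map<String, Object> request = new LinkedHashMap<>();
        request.put("headers", headers);
        request.put("USER_PASSWORD", "constructed-secret");
        KeyRedactor r = new KeyRedactor(Arrays.asList("Cookie", "password"));
        System.out.println(r.redact(request));
    }
}
```

Because the values are compiled as regexes, a key containing metacharacters would need `Pattern.quote` to be matched literally.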