67 lines
2.2 KiB
Go
67 lines
2.2 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
)
|
|
|
|
// The trace buffer feeds an admin-only /api/traces endpoint. Even so, it
|
|
// must not retain the request's auth headers — once captured they outlive
|
|
// the request, get serialised to JSON for the dashboard, and could leak via
|
|
// any heap inspection. This pins the redaction contract so a future refactor
|
|
// of TraceMiddleware can't silently regress it.
|
|
var _ = Describe("redactSensitiveHeaders", func() {
|
|
It("redacts Authorization", func() {
|
|
h := http.Header{}
|
|
h.Set("Authorization", "Bearer sk-secret-1234567890")
|
|
out := redactSensitiveHeaders(h)
|
|
Expect(out.Get("Authorization")).To(Equal("[redacted]"))
|
|
Expect(out.Get("Authorization")).ToNot(ContainSubstring("sk-secret"))
|
|
})
|
|
|
|
It("redacts Proxy-Authorization", func() {
|
|
h := http.Header{}
|
|
h.Set("Proxy-Authorization", "Basic dXNlcjpwYXNz")
|
|
Expect(redactSensitiveHeaders(h).Get("Proxy-Authorization")).To(Equal("[redacted]"))
|
|
})
|
|
|
|
It("redacts Cookie and Set-Cookie", func() {
|
|
h := http.Header{}
|
|
h.Set("Cookie", "session=abc123; csrf=xyz")
|
|
h.Set("Set-Cookie", "session=newvalue; HttpOnly")
|
|
out := redactSensitiveHeaders(h)
|
|
Expect(out.Get("Cookie")).To(Equal("[redacted]"))
|
|
Expect(out.Get("Set-Cookie")).To(Equal("[redacted]"))
|
|
})
|
|
|
|
It("redacts X-Api-Key (and case variants)", func() {
|
|
h := http.Header{}
|
|
h.Set("X-Api-Key", "key-1")
|
|
h.Set("xi-api-key", "key-2")
|
|
out := redactSensitiveHeaders(h)
|
|
Expect(out.Get("X-Api-Key")).To(Equal("[redacted]"))
|
|
Expect(out.Get("Xi-Api-Key")).To(Equal("[redacted]"))
|
|
})
|
|
|
|
It("preserves benign headers", func() {
|
|
h := http.Header{}
|
|
h.Set("Content-Type", "application/json")
|
|
h.Set("User-Agent", "curl/8.0")
|
|
h.Set("Accept", "*/*")
|
|
out := redactSensitiveHeaders(h)
|
|
Expect(out.Get("Content-Type")).To(Equal("application/json"))
|
|
Expect(out.Get("User-Agent")).To(Equal("curl/8.0"))
|
|
Expect(out.Get("Accept")).To(Equal("*/*"))
|
|
})
|
|
|
|
It("does not mutate the input header", func() {
|
|
h := http.Header{}
|
|
h.Set("Authorization", "Bearer abc")
|
|
_ = redactSensitiveHeaders(h)
|
|
Expect(h.Get("Authorization")).To(Equal("Bearer abc"),
|
|
"redactSensitiveHeaders must operate on a clone — caller's header must be untouched")
|
|
})
|
|
})
|