scrub

package
v0.2.0
Warning

This package is not in the latest version of its module.

Published: Mar 15, 2024 License: BSD-3-Clause Imports: 4 Imported by: 7

Documentation

Overview

Package scrub defines helpers for removing sensitive data from HTTP headers and URLs to make them safe for logging.

Constants

This section is empty.

Variables

var (
	RestrictedHeaders = map[string]bool{
		"cookie":                      true,
		"heroku-authorization-token":  true,
		"heroku-two-factor-code":      true,
		"heroku-umbrella-token":       true,
		"http_authorization":          true,
		"http_heroku_two_factor_code": true,
		"http_x_csrf_token":           true,
		"oauth-access-token":          true,
		"omniauth.auth":               true,
		"set-cookie":                  true,
		"x-csrf-token":                true,
		"x_csrf_token":                true,
		"authorization":               true,
	}
)

The list of HTTP header names that will have their contents scrubbed of sensitive data.

var (
	RestrictedParams = map[string]bool{
		"access_token":                                true,
		"api_key":                                     true,
		"authenticity_token":                          true,
		"body.trace_chain.0.extra.cookies":            true,
		"body.trace_chain.0.extra.msg":                true,
		"body.trace_chain.0.extra.session.csrf.token": true,
		"bouncer.refresh_token":                       true,
		"bouncer.token":                               true,
		"confirm_password":                            true,
		"fingerprint":                                 true,
		"heroku_oauth_token":                          true,
		"heroku_session_nonce":                        true,
		"heroku_user_session":                         true,
		"key":                                         true,
		"oauth_token":                                 true,
		"old_secret":                                  true,
		"passwd":                                      true,
		"password":                                    true,
		"password_confirmation":                       true,
		"postgres_session_nonce":                      true,
		"private_key":                                 true,
		"request.cookies":                             true,
		"request.cookies.signup-sso-session":          true,
		"request.params._csrf":                        true,
		"request.session._csrf_token":                 true,
		"request.session.csrf.token":                  true,
		"secret":                                      true,
		"secret_token":                                true,
		"sudo_oauth_token":                            true,
		"super_user_session_secret":                   true,
		"token":                                       true,
		"user_session_secret":                         true,
		"www-sso-session":                             true,
	}
)

The list of URL parameter names that will have their contents scrubbed of sensitive data.

Functions

func Header

func Header(h http.Header) http.Header

Header removes a subset of "sensitive" HTTP headers as used by parts of Heroku's conventions for API design. The output of this function is safe to be logged except in high-security scenarios.

Example
h := http.Header{
	"Authorization": []string{"Basic hunter2"},
}

scrubbed := Header(h)
val := scrubbed.Get("Authorization") // Will be `Basic [SCRUBBED]`
_ = val                              // do something with `val`

func URL

func URL(u *url.URL) *url.URL

URL removes a subset of "sensitive" URL parameters as used by parts of Heroku's conventions for API design. The output of this function is safe to be logged except in high-security scenarios.

Example
u, err := url.Parse("https://google.com?api_key=hunter2")
if err != nil {
	log.Fatal(err)
}

su := URL(u)
log.Println(su.String()) // should be `https://google.com?api_key=[SCRUBBED]`
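
The deny-list behaviour described for URL, as an added sketch that is not the package's own code: `scrubQuery`, the three-entry `restricted` map (a subset of RestrictedParams) and the sample URL are constructed here, and lowercasing names before the lookup is an assumption. It also returns the names it left untouched, which shows that a secret-bearing parameter absent from the list (here `client_secret`) still reaches the log.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// restricted is a three-entry subset of the page's RestrictedParams,
// copied here so the sketch runs without the package.
var restricted = map[string]bool{"api_key": true, "password": true, "token": true}

// placeholder is the replacement text shown in the page's examples.
const placeholder = "[SCRUBBED]"

// scrubQuery returns a copy of u whose deny-listed query values are replaced,
// plus the sorted names of the parameters it passed through unchanged.
// Assumption: names are lowercased before the lookup.
func scrubQuery(u *url.URL, deny map[string]bool) (*url.URL, []string) {
	out := *u      // shallow copy; the caller's URL is not modified
	q := u.Query() // freshly parsed values, safe to edit
	var passed []string
	for name, vals := range q {
		if !deny[strings.ToLower(name)] {
			passed = append(passed, name)
			continue
		}
		for i := range vals { // a name may repeat; replace every value
			vals[i] = placeholder
		}
	}
	sort.Strings(passed)
	out.RawQuery = q.Encode()
	return &out, passed
}

func main() {
	// Constructed input: two listed names, one secret-bearing name that is
	// not on the list, and one harmless parameter.
	u, err := url.Parse("https://example.com/cb?API_KEY=hunter2&token=abc&client_secret=s3cr3t&page=2")
	if err != nil {
		panic(err)
	}
	safe, passed := scrubQuery(u, restricted)
	fmt.Println(safe.String())
	fmt.Println("logged unchanged:", passed)
}
```

In this sketch `url.Values.Encode` percent-encodes the brackets, so the placeholder prints as `%5BSCRUBBED%5D` in the URL string.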

Types

This section is empty.
