Skip to content

Redact the authorization header from Debug impl #1699

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 18, 2024
Merged

Redact the authorization header from Debug impl #1699

merged 1 commit into from
Jul 18, 2024

Conversation

arpad-m
Copy link
Contributor

@arpad-m arpad-m commented Jul 10, 2024
edited
Loading

Right now, if you use the azure SDK and enable debug logging, the authorization header is printed in the debug logs through this place. Printing the authorization token is dangerous however as it might get into the logging infrastructure, and become available to people with read access to the logs.

Therefore, this commit adjusts the Debug impl of the Headers struct to not print the content of the authorization header.

@arpad-m
Copy link
Contributor Author

arpad-m commented Jul 10, 2024

@microsoft-github-policy-service agree company="Neon, Inc."

@arpad-m arpad-m changed the title Redact the authorization header from Debug Redact the authorization header from Debug impl Jul 10, 2024
@heaths heaths mentioned this pull request Jul 17, 2024
Closed
@heaths
Copy link
Member

heaths commented Jul 17, 2024

Thanks. This is a good temp workaround for this problem. I've opened an issue to track a larger effort and whether we should even do that for Debug impls. Probably, since it'd be easy for devs to just use it in logging and tracing, for example. /cc @JeffreyRichter @RickWinter

@heaths heaths enabled auto-merge (squash) July 17, 2024 23:03
auto-merge was automatically disabled July 18, 2024 13:46

Head branch was pushed to by a user without write access

@arpad-m arpad-m force-pushed the remove_request_logging branch from b1cf219 to c3f78ee Compare July 18, 2024 13:46
@arpad-m arpad-m requested a review from heaths July 18, 2024 13:47
@arpad-m
Copy link
Contributor Author

arpad-m commented Jul 18, 2024
edited
Loading

Rebased due to CI failure on nightly: https://github.com/Azure/azure-sdk-for-rust/actions/runs/9875575736/job/27588762903

@heaths heaths enabled auto-merge (squash) July 18, 2024 18:43
@heaths heaths merged commit 7a0e20c into Azure:main Jul 18, 2024
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RickWinter RickWinter Awaiting requested review from RickWinter RickWinter is a code owner

@JeffreyRichter JeffreyRichter Awaiting requested review from JeffreyRichter

@heaths heaths Awaiting requested review from heaths heaths is a code owner

Assignees
No one assigned
Labels
None yet
Projects
Azure SDK Rust
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arpad-m @heaths