Permit excluding sensitive headers from dump on fatal error
#37 793 ouverte le 23 déc. 2024
Métriques du dépôt
- Stars
- (27 997 stars)
- Métriques de merge PR
- (Merge moyen 8j) (378 PRs mergées en 30 j)
Description
Description: On fatal error, Envoy will dump a stack trace and additional details about the program state to the log/stderr for debugging purposes. If this happens during handling of a request, the dumped information includes all request headers. This can cause sensitive information to appear in the stderr output.
For example, if the request uses basic authentication, the "Authorization" header containing base64-encoded credentials will be visible in the logs.
These specific prints happen in FilterManager::dumpState, in the line DUMP_DETAILS(filter_manager_callbacks_.requestHeaders()).
As far as I can tell, there is currently no option to disable this functionality. Would it be possible to provide such an option, either as runtime configuration, or even as a build-time setting?
If there is support for this request I don't mind taking a crack at the code, though I don't think I understand it well enough to make the filtering selective. (i.e.: So that it excludes the "Authorization" header but still dumps all the rest.)