envoyproxy/envoy

Permit excluding sensitive headers from dump on fatal error

Open

#37.793 aberto em 23 de dez. de 2024

Ver no GitHub
 (5 comments) (1 reaction) (1 assignee)C++ (5.373 forks)batch import
area/envoy_logenhancementhelp wanted

Métricas do repositório

Stars
 (27.997 stars)
Métricas de merge de PR
 (Mesclagem média 8d) (378 fundiu PRs em 30d)

Description

Description: On fatal error, Envoy will dump a stack trace and additional details about the program state to the log/stderr for debugging purposes. If this happens during handling of a request, the dumped information includes all request headers. This can cause sensitive information to appear in the stderr output.

For example, if the request uses basic authentication, the "Authorization" header containing base64-encoded credentials will be visible in the logs.

These specific prints happen in FilterManager::dumpState, in the line DUMP_DETAILS(filter_manager_callbacks_.requestHeaders()).

As far as I can tell, there is currently no option to disable this functionality. Would it be possible to provide such an option, either as runtime configuration, or even as a build-time setting?

If there is support for this request I don't mind taking a crack at the code, though I don't think I understand it well enough to make the filtering selective. (i.e.: So that it excludes the "Authorization" header but still dumps all the rest.)

Guia do colaborador