String-based headers/content sanitizer implementation
See original GitHub issueIt would be convenient if we provide a simple headers/content sanitizer which filters the stringified headers/content. For example, a user had to implement a sanitizer like the following:
@Nonnull
public static String changeLogWithoutSensitiveData(@Nonnull Object request) {
String requestMessage = request.toString();
if(!isRequireFiltering(requestMessage)) {
return requestMessage;
}
return filterSensitiveData(requestMessage);
}
private static boolean isRequireFiltering(@Nonnull String message) {
if(removeContentNames.stream().noneMatch(message::contains)) {
return false;
}
return true;
}
@Nonnull
private static String filterSensitiveData(@Nonnull String message) {
Matcher matcher;
for(Pattern pattern : removeContentRegxs) {
matcher = pattern.matcher(message);
message = matcher.replaceAll("");
}
return message;
}
We could make the following changes:
-
Change the return type of header sanitizers from
HttpHeaders
to?
so that a user can return any object such asString
. -
Provide an abstract sanitizer implementation that converts headers or content to a
String
and filters it as instructed by its abstract methods such asboolean needsSanitization()
andString sanitize(String)
.- Provide a concrete implementation that implements
needsSanitization()
andsanitize()
to filter theString
using regular expression(s).
- Provide a concrete implementation that implements
-
Add some convenience methods to
LoggingClient/ServiceBuilder
andRequestLog.toString*()
:new LoggingClientBuilder() .requestContentSanitizer(Pattern.compile(...), Pattern.compile(...)) ....
Issue Analytics
- State:
- Created 4 years ago
- Comments:13 (8 by maintainers)
Top Results From Across the Web
Armeria Newsletter vol. 0
#1810 String -based headers/content sanitizer implementation; #1934 :examples:static-files:test fails when a home directory has index.html .
Read more >HTML Sanitizer API - MDN Web Docs
The HTML Sanitizer API allow developers to take untrusted strings of HTML and Document or DocumentFragment objects, and sanitize them for ...
Read more >Safe DOM manipulation with the Sanitizer API - web.dev
The new Sanitizer API aims to build a robust processor for arbitrary strings to be safely inserted into a page. This article introduces...
Read more >HTML Sanitizer API - GitHub Pages
2.1 Sanitizer API; 2.2 String Handling; 2.3 The Configuration Dictionary. 2.3.1 Attribute Match Lists. 3 Algorithms. 3.1 API Implementation ...
Read more >LLVM Sanitizers | Android Open Source Project
AddressSanitizer ; UndefinedBehaviorSanitizer. Implementation; UBSan shortcuts; Better error reporting. Kernel Address Sanitizer.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@trustin I can implement this. I am new to the project but I am interested in contributing. Can I take this please?
@trustin There is a PR for this issue https://github.com/line/armeria/pull/2721