package hypert
import "net/http"
// RequestSanitizer ensures that no sensitive data is written to the request records.
// The sanitized version is stored, while the original one is sent in the record mode.
// It is allowed to mutate the request in place, because it is copied before invoking the RoundTrip method.
type RequestSanitizer interface {
	// SanitizeRequest returns the request that should be stored in the record.
	// Implementations may mutate req in place and return it, or return a different request.
	SanitizeRequest(req *http.Request) *http.Request
}
// DefaultRequestSanitizer returns a RequestSanitizer that sanitizes headers and query parameters.
// It runs DefaultHeadersSanitizer first and DefaultQueryParamsSanitizer second.
// Nothing else in the request is touched by this default: callers that carry
// secrets elsewhere (for example in the body or URL userinfo) need to compose
// their own sanitizer via ComposedRequestSanitizer.
func DefaultRequestSanitizer() RequestSanitizer {
	defaults := []RequestSanitizer{
		DefaultHeadersSanitizer(),
		DefaultQueryParamsSanitizer(),
	}
	return ComposedRequestSanitizer(defaults...)
}
// RequestSanitizerFunc is a helper type for a function that implements RequestSanitizer interface.
// It lets a plain func(*http.Request) *http.Request be used wherever a RequestSanitizer is expected.
type RequestSanitizerFunc func(req *http.Request) *http.Request

// SanitizeRequest calls f(req), satisfying the RequestSanitizer interface.
func (f RequestSanitizerFunc) SanitizeRequest(req *http.Request) *http.Request {
	return f(req)
}
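// ComposedRequestSanitizer is a sanitizer that sequentially runs passed sanitizers.
// Each sanitizer receives the request returned by the previous one, so a sanitizer
// that returns a new request instead of mutating in place still composes correctly.
// With no sanitizers the result returns the request unchanged.
func ComposedRequestSanitizer(s ...RequestSanitizer) RequestSanitizer {
	return RequestSanitizerFunc(func(req *http.Request) *http.Request {
		// The loop variable is named differently from the variadic parameter so
		// it no longer shadows it.
		for _, sanitizer := range s {
			// A nil entry is a programmer error: calling a method on a nil
			// interface panics, which is preferable to silently skipping a
			// sanitizer and letting sensitive data reach the record.
			req = sanitizer.SanitizeRequest(req)
		}
		return req
	})
}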
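// HeadersSanitizer sets listed headers to "SANITIZED".
// Lookup DefaultHeadersSanitizer for a default value.
//
// Header names are canonicalized by net/http, so matching is case-insensitive.
// A header that is present is replaced by a single "SANITIZED" value, so a
// repeated header collapses to one entry; absent headers are left alone and
// never added.
func HeadersSanitizer(headers ...string) RequestSanitizer {
	return RequestSanitizerFunc(func(req *http.Request) *http.Request {
		for _, header := range headers {
			// Presence is checked with Values rather than Get: Get returns only
			// the first value, so a header sent as "" followed by a real value
			// would otherwise survive sanitization. Values on a nil Header map
			// returns nil, so Set (which would panic on a nil map) is never
			// reached in that case.
			if len(req.Header.Values(header)) > 0 {
				req.Header.Set(header, "SANITIZED")
			}
		}
		return req
	})
}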
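// DefaultHeadersSanitizer is HeadersSanitizer with the most common headers that should be sanitized in most cases.
// The list covers credential-bearing standard headers plus widely used
// X-* conventions; it is not exhaustive, so callers with custom auth headers
// should compose their own HeadersSanitizer.
func DefaultHeadersSanitizer() RequestSanitizer {
	return HeadersSanitizer(
		"Authorization",
		"Cookie",
		"X-Auth-Token",
		"X-API-Key",
		"Proxy-Authorization",
		"X-Forwarded-For",
		// The wire header is spelled "Referer" (the spec's historic misspelling),
		// so that form is what real requests carry. "Referrer" is kept for
		// callers that set it explicitly.
		"Referer",
		"Referrer",
		"X-Secret",
		"X-Access-Token",
		"X-Client-Secret",
		"X-Client-ID",
		"X-Auth",
	)
}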
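// SanitizerQueryParams sets listed query params in stored request URL to SANITIZED value.
// Lookup DefaultQueryParamsSanitizer for a default value.
//
// Parameter names are matched exactly (case-sensitive). A matched parameter is
// replaced by a single "SANITIZED" value, so repeated keys collapse to one.
// The query string is always re-encoded, which sorts keys and normalizes
// escaping even when nothing matched; url.Values parsing errors are not
// surfaced by Query(), so malformed pairs may be dropped from the record.
// Credentials carried in the URL userinfo (user:pass@host) are not covered.
func SanitizerQueryParams(params ...string) RequestSanitizer {
	return RequestSanitizerFunc(func(req *http.Request) *http.Request {
		// A request without a URL has no query to sanitize; avoid a nil dereference.
		if req.URL == nil {
			return req
		}
		q := req.URL.Query()
		for _, param := range params {
			if q.Has(param) {
				q.Set(param, "SANITIZED")
			}
		}
		req.URL.RawQuery = q.Encode()
		return req
	})
}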
// DefaultQueryParamsSanitizer is SanitizerQueryParams with the most common query params that should be sanitized in most cases.
// Names are matched exactly by SanitizerQueryParams, so variants such as
// "Token" or "apiKey" are not covered by this default.
func DefaultQueryParamsSanitizer() RequestSanitizer {
	names := []string{
		"access_token",
		"api_key",
		"auth",
		"key",
		"auth_token",
		"password",
		"secret",
		"token",
		"client_secret",
		"client_id",
		"signature",
		"sig",
		"session",
	}
	return SanitizerQueryParams(names...)
}