Filter query-string secrets out of logged URLs
Modify workhorse so that private-token and authenticity-token query-string parameters are not logged. Instead, they will be displayed as authenticity_token=[FILTERED]
. The remainder of the query string will be displayed unaltered
Every URL logged should be passed through ScrubURLParams. I looked into having a wrapper around the logWriter
in gitlab-workhorse/logging.go
, but this would slow down logging significantly and wouldn't be guaranteed to work anyway (since the message may be split into two Write()
calls across the query-string boundary).
Related to #71 (closed)
Edited by Nick Thomas