blackmwk commented on code in PR #2130:
URL: https://github.com/apache/iceberg-rust/pull/2130#discussion_r2796540370
##########
crates/catalog/rest/src/client.rs:
##########
@@ -278,14 +278,40 @@ pub(crate) async fn deserialize_catalog_response<R:
DeserializeOwned>(
})
}
+/// Headers that contain sensitive information and should be excluded from
logs.
+const SENSITIVE_HEADERS: &[&str] = &[
+ "authorization",
+ "proxy-authorization",
+ "set-cookie",
+ "cookie",
+ "x-api-key",
+ "x-auth-token",
+];
+
+/// Returns true if the header name is considered sensitive.
+fn is_sensitive_header(name: &str) -> bool {
+ let name_lower = name.to_lowercase();
+ SENSITIVE_HEADERS.iter().any(|h| name_lower == *h)
+}
+
+/// Filters out sensitive headers and returns a debug-formatted string.
+fn format_headers_redacted(headers: &HeaderMap) -> String {
+ let filtered: HashMap<&str, &str> = headers
+ .iter()
+ .filter(|(name, _)| !is_sensitive_header(name.as_str()))
+ .filter_map(|(name, value)| value.to_str().ok().map(|v|
(name.as_str(), v)))
+ .collect();
+ format!("{filtered:?}")
Review Comment:
The reason we want to keep them rather than removing them directly is that
if maybe confusing when missing these headers when debugging. Also, I would
prefer to add a config to disable the redaction. We could redact these header
by default, but we should allow user to disable it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
