Gorouter: HTTP query parameters cannot be extracted from access logs #173
Comments
Do you want to suppress all query strings or just ones matching some regular expression?
Hi Mike, Is the solution in the UAA based on regex?
my 2 cents: instead of just dropping the entire query part we could hash it and write the hash in the log. this would still allow detection whether the same query was sent or a different one. e.g.:
becomes
instead of
I'm not sure, but I appreciate that question. What other established patterns are there for doing something like this? Here's a related issue in envoy, for example: envoyproxy/envoy#7583 From a quick search, it doesn't look like anything has been merged yet for this (but I could be wrong).
Hey @plowin, It looks like the way UAA handled this was by specifically redacting the values for query parameters with names Relevant UAA commits:
We would gladly accept a PR. However, let's agree on the design of the feature we want here first. We are happy to follow UAA's lead by redacting query parameters like If that sounds reasonable, we can help you with getting started. But if you have a different idea in mind, let's sort that out first.
I think the main difference to UAA is that we are UAA, we own it. So we know there are query params like My thinking goes along these lines: Since we can't make assumptions on which params to hide, we have to hide all of them. However, this means two GET requests to the same path will look the same, even though they aren't. (one might take a lot longer b/c it had a page size of 500 while another one only had 10) So to retain at least the information if two requests are different, we could hash the query params and log the hash along with the request. I could think of a three-way flag like
where
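The three-way behaviour sketched above, as an added Go example that is not gorouter's or routing-release's own code: the mode names, the HMAC key and the sample request URI are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
)

// QueryLogMode is the proposed three-way switch. The names are assumptions
// made for this example; they are not gorouter's or routing-release's flag values.
type QueryLogMode int

const (
	QueryLogAll  QueryLogMode = iota // write the query string unchanged
	QueryLogNone                     // drop the query string entirely
	QueryLogHash                     // replace it with a keyed hash of the raw query
)

// RedactRequestURI returns the request-URI as it should appear in the access log.
// key is only used in QueryLogHash mode: an HMAC rather than a plain hash keeps
// someone who obtains the log from guessing low-entropy secrets offline.
func RedactRequestURI(rawURI string, mode QueryLogMode, key []byte) (string, error) {
	u, err := url.ParseRequestURI(rawURI)
	if err != nil {
		return "", err
	}
	if u.RawQuery == "" || mode == QueryLogAll {
		return rawURI, nil
	}
	switch mode {
	case QueryLogNone:
		return u.EscapedPath(), nil
	case QueryLogHash:
		// Hash the raw (unparsed) query so that two identical requests map to
		// the same value; a different parameter order yields a different hash.
		mac := hmac.New(sha256.New, key)
		mac.Write([]byte(u.RawQuery))
		return u.EscapedPath() + "?" + hex.EncodeToString(mac.Sum(nil)[:8]), nil
	}
	return "", fmt.Errorf("unknown query log mode %d", mode)
}

func main() {
	key := []byte("constructed-example-key") // in practice, from gorouter config
	out, _ := RedactRequestURI("/v1/users?page_size=500&token=s3cret", QueryLogHash, key)
	fmt.Println(out) // /v1/users?<16 hex chars>
}
```

Only the first 8 bytes of the MAC are logged, which is enough to tell requests apart while keeping the access log line short.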
@domdom82 that makes sense. I think your design makes sense if meets your requirements. If someone wants to add a Do you anticipate that you would prefer to use the
Sure. We get constant pings by customers who want help with their apps. It would be useful for us to be able to at least tell two of their requests apart :-)
I am on parental leave till mid September, I can provide a PR by then. @plowin if you or someone from the routing team wants to jump onto this earlier, feel free :-) We will have to introduce a config flag here: https://github.com/cloudfoundry/gorouter/blob/main/config/config.go#L120 The new flag needs to be exposed via BOSH spec probably somewhere around here: https://github.com/cloudfoundry/routing-release/blob/develop/jobs/gorouter/spec#L178 And don't forget the tests :-D
Hi @mcwumbly @KauzClay I have opened #183 and cloudfoundry/gorouter#274 to support the feature as discussed. Feel free to comment / complain :)
Hi @domdom82 🙏 thank you so much for submitting these PRs. I will add it to our backlog to review.
Issue
In our environment, some stakeholders cannot prevent their customers from sending "secret" data in the GET parameters of their HTTP requests. A configuration to suppress query parameters in access logs would be helpful.
Context
We are consuming cf-deployment and would be happy if such a feature could reach one of the next gorouter/routing-release versions. The issue has been discussed on Slack with @ameowlia. Even though sending secrets in GET parameters is listed as a CWE, the use-case exists and a workaround was also supported in the CF UAA.
Steps to Reproduce
/var/vcap/sys/log/gorouter/access.log
Expected result
/var/vcap/sys/log/gorouter/access.log
Possible Fix
On Slack it was suggested to dig for the respective code around the function makeRecord.
Additional Context
I am not very familiar with the source code of the gorouter but would also try to work on a contribution for this issue.
Any hints or links on how to get started are highly appreciated.