oldkingnana opened a new pull request, #64914:
URL: https://github.com/apache/doris/pull/64914

   Mask Authorization, Proxy-Authorization, Auth-Token, and token values when 
rendering HTTP request headers for logs/debug strings.
   
   Chinese: Mask sensitive headers in Stream Load HTTP request logs to avoid 
leaking Authorization, Proxy-Authorization, Auth-Token, and token in plaintext.
   
   ### What problem does this PR solve?
   
   Issue Number: close #64514
   
   Related PR: None
   
   Problem Summary: Sensitive Stream Load HTTP headers may be exposed when 
request headers are rendered for logs or debug strings. This PR masks the 
values of Authorization, Proxy-Authorization, Auth-Token, and token to avoid 
leaking credentials in log/debug output.
   
   ### Release note
   
   None
   
   ### Check List (For Author)
   
   - Test <!-- At least one of them must be included. -->
       - [ ] Regression test
       - [X] Unit Test
       - [X] Manual test (add detailed scripts or steps below)
       - [ ] No need to test or manual test. Explain why:
           - [ ] This is a refactor/code format and no logic has been changed.
           - [ ] Previous test can cover this change.
           - [ ] No code files have been changed.
           - [ ] Other reason <!-- Add your reason?  -->
   
   Manual test:
   ```bash
   ./build-support/check-format.sh
   ./test/doris_be_test --gtest_filter=HttpRequestTest.*
   ```
   
   - Behavior changed:
       - [ ] No.
       - [X] Yes. <!-- Explain the behavior change -->
   
   Sensitive HTTP header values are now masked in request debug/log output. 
Non-sensitive headers are still rendered as before.
   
   - Does this need documentation?
       - [X] No.
       - [ ] Yes. <!-- Add document PR link here. eg: 
https://github.com/apache/doris-website/pull/1214 -->
   
   ### Check List (For Reviewer who merge this PR)
   
   - [ ] Confirm the release note
   - [ ] Confirm test cases
   - [ ] Confirm document
   - [ ] Add branch pick label <!-- Add branch pick label that this PR should 
merge into -->
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
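
The masking behavior described in this PR, as an added example that is not code from the PR or from Apache Doris: a minimal C++ sketch that renders request headers for a log line and replaces the values of the four headers named above. The function names, the `HeaderList` type, the mask text, and the sample headers are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical type: ordered (name, value) pairs of one HTTP request.
using HeaderList = std::vector<std::pair<std::string, std::string>>;

// HTTP header names are case-insensitive, so normalize before comparing.
static std::string to_lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Exact-name match against the list from the PR description.
// "token" is masked; a constructed name such as "token-count" is not.
bool is_sensitive_header(const std::string& name) {
    static const std::vector<std::string> kSensitive = {
            "authorization", "proxy-authorization", "auth-token", "token"};
    return std::find(kSensitive.begin(), kSensitive.end(), to_lower(name)) !=
           kSensitive.end();
}

// Render headers for log/debug output. A sensitive value is replaced whole,
// not truncated, so no part of the credential reaches the log.
std::string render_headers_for_log(const HeaderList& headers) {
    static const std::string kMask = "***MASKED***";  // assumed mask text
    std::string out;
    for (const auto& h : headers) {
        out += h.first + ": " + (is_sensitive_header(h.first) ? kMask : h.second) + "\n";
    }
    return out;
}

int main() {
    // Constructed sample headers, not taken from a real request.
    const HeaderList headers = {{"Authorization", "Basic dXNlcjpwYXNz"},
                                {"TOKEN", "abc123"},
                                {"label", "load_1"}};
    std::cout << render_headers_for_log(headers);
    return 0;
}
```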

