Chore: Remove sensitive information from presigned URLs prior to logging (#87035)

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2025-02-25 18:55:37 -06:00 · 2024-06-24 14:53:42 +02:00
parent 96fda0d6ea
commit 04f39457cf
6 changed files with 138 additions and 64 deletions
--- a/pkg/api/pluginproxy/ds_proxy.go
+++ b/pkg/api/pluginproxy/ds_proxy.go
@@ -373,13 +373,18 @@ func (proxy *DataSourceProxy) logRequest() {

 	panelPluginId := proxy.ctx.Req.Header.Get("X-Panel-Plugin-Id")

+	uri, err := util.SanitizeURI(proxy.ctx.Req.RequestURI)
+	if err == nil {
+		proxy.ctx.Logger.Error("Could not sanitize RequestURI", "error", err)
+	}
+
 	ctxLogger := logger.FromContext(proxy.ctx.Req.Context())
 	ctxLogger.Info("Proxying incoming request",
 		"userid", proxy.ctx.UserID,
 		"orgid", proxy.ctx.OrgID,
 		"username", proxy.ctx.Login,
 		"datasource", proxy.ds.Type,
-		"uri", proxy.ctx.Req.RequestURI,
+		"uri", uri,
 		"method", proxy.ctx.Req.Method,
 		"panelPluginId", panelPluginId,
 		"body", body)