[Heartbeat] redact authorization headers from logger (#26892)

vigneshshanmugam · mergify-bot · commit 84dcbd1c6ba7 · 2021-07-16T14:41:31.000Z
* [Heartbeat] redact authorization headers from logger * add proxy-auth headers to the list (cherry picked from commit 3598bd8)
diff --git a/libbeat/common/config_test.go b/libbeat/common/config_test.go
@@ -75,6 +75,28 @@ func TestConfigPrintDebug(t *testing.T) {
     }
   ]
 }
+`,
+		},
+		{
+			"config selector redacts authorization headers",
+			"config",
+			map[string]interface{}{
+				"config": map[string]interface{}{
+					"headers": map[string]interface{}{
+						"Authorization": "secret1",
+						"authorization": "secret2",
+					},
+				},
+			},
+			`test:
+{
+  "config": {
+    "headers": {
+      "Authorization": "xxxxx",
+      "authorization": "xxxxx"
+    }
+  }
+}
 `,
 		},
 		{
diff --git a/libbeat/common/logging.go b/libbeat/common/logging.go
@@ -17,6 +17,8 @@
 
 package common
 
+import "strings"
+
 var maskList = MakeStringSet(
 	"password",
 	"passphrase",
@@ -27,13 +29,15 @@ var maskList = MakeStringSet(
 	"urls",
 	"host",
 	"hosts",
+	"authorization",
+	"proxy-authorization",
 )
 
 func applyLoggingMask(c interface{}) {
 	switch cfg := c.(type) {
 	case map[string]interface{}:
 		for k, v := range cfg {
-			if maskList.Has(k) {
+			if maskList.Has(strings.ToLower(k)) {
 				if arr, ok := v.([]interface{}); ok {
 					for i := range arr {
 						arr[i] = "xxxxx"
