Filter sensitive parameters from logs in clojure ring app

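I am using the wrap-with-logger (from ring.middleware.logger) and wrap-params (from ring.middleware.params) middlewares in my application. Is there a simple way to filter sensitive parameters (passwords, credit card numbers, etc.) from the logs?

You can implement a custom pre-logger to filter the request according to your needs.

Take a look at the following: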

(use 'ring.adapter.jetty)
(require '[ring.middleware.logger :as logger])

(defn handler [request]
  {:status 200
   :headers {"Content-Type" "text/html"}
   :body "Hello World"})

(run-jetty
 (logger/wrap-with-logger
  handler
  :pre-logger
  (fn [options req]
    ;; Filtering goes here
    (let [filtered-req (filter-sensitive-data req)]
      ((:info options) "Filtered request is: " filtered-req))))
 {:port 8080})

Note that although the documentation claims that pre-logger accepts only one argument, it is actually a two-argument function.
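One possible body for the `filter-sensitive-data` placeholder used in the snippet above, as an added example that is not part of the original answer or of ring.middleware.logger. The parameter and header names in the two sets are assumptions, and the request in the `comment` form is constructed.

```clojure
(require '[clojure.string :as str]
         '[clojure.walk :as walk])

;; Assumed names; extend for the application's own fields.
(def sensitive-params #{"password" "card-number" "cvv"})
(def sensitive-headers ["authorization" "cookie"]) ; Ring lower-cases header names

(defn- sensitive? [k]
  (and (or (keyword? k) (string? k))
       (contains? sensitive-params (str/lower-case (name k)))))

(defn- redact-map
  "Replaces the value of every sensitive key, at any nesting level."
  [m]
  (walk/postwalk
   (fn [x]
     (if (map? x)
       (into {} (map (fn [[k v]] [k (if (sensitive? k) "[REDACTED]" v)])) x)
       x))
   m))

(defn- redact-query-string
  "Masks sensitive values in the raw query string, which is present on the
  request even when wrap-params has not run yet. Assumes keys are not
  percent-encoded."
  [qs]
  (when qs
    (str/replace qs #"([^&=]+)=([^&]*)"
                 (fn [[pair k _]] (if (sensitive? k) (str k "=[REDACTED]") pair)))))

(defn- update-present [m k f]
  (if (contains? m k) (update m k f) m))

(defn filter-sensitive-data
  "Returns a copy of the Ring request that is safe to pass to the logger."
  [req]
  (-> (reduce #(update-present %1 %2 redact-map)
              req
              [:params :form-params :query-params :multipart-params])
      (update-present :query-string redact-query-string)
      (update-present :headers
                      (fn [h] (reduce #(if (contains? %1 %2) (assoc %1 %2 "[REDACTED]") %1)
                                      h sensitive-headers)))))

(comment
  ;; Constructed request for trying the function at the REPL.
  (filter-sensitive-data
   {:uri "/login" :query-string "user=bob&password=hunter2"
    :headers {"authorization" "Basic Ym9iOmh1bnRlcjI=" "host" "localhost"}
    :params {"user" "bob" "password" "hunter2" :card {:cvv "123"}}}))
```

The pre-logger only sees `:params` when wrap-params is applied outside wrap-with-logger; with the logger outermost, only `:query-string` and the headers are available to redact.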

You may also consider migrating to ring-logger, which includes a feature to redact sensitive information:

By default, ring-logger will redact an authorization header or any param named password (at any nesting level). If you want ring-logger to redact other params you can configure the redact-keys option:

   (wrap-with-logger app {:redact-keys #{:senha :token}})

Ring-logger will walk through the params and headers and redact any key whose name is found in that redact-keys set.

There is also ring-logger-onelog, which should make it very easy to migrate from ring.middleware.logger to ring-logger.