From 3e81f49519faca5d73c29ad333ea89846bcfb5e8 Mon Sep 17 00:00:00 2001 From: Seoyoung Park Date: Thu, 6 Feb 2025 16:55:41 +0900 Subject: [PATCH] [#12021] Hide sensitive information such as cookie data --- .../view/error/PinpointErrorAttributes.java | 6 +++++- .../web/view/error/PinpointErrorData.java | 18 +++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorAttributes.java b/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorAttributes.java index 13385770939d..8a67540bf50f 100644 --- a/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorAttributes.java +++ b/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorAttributes.java @@ -1,6 +1,7 @@ package com.navercorp.pinpoint.web.view.error; import org.apache.commons.lang3.SystemUtils; +import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.error.ErrorAttributeOptions; import org.springframework.boot.web.servlet.error.DefaultErrorAttributes; import org.springframework.stereotype.Component; @@ -12,6 +13,9 @@ public class PinpointErrorAttributes extends DefaultErrorAttributes { private final String hostname; + @Value("${server.error.include-cookies:true}") + private boolean includeCookies; + public PinpointErrorAttributes() { this.hostname = SystemUtils.getHostName(); } @@ -32,7 +36,7 @@ private void removeDuplicateData(Map errorAttributes) { } private void addCustomData(WebRequest webRequest, Map errorAttributes) { - PinpointErrorData pinpointErrorData = new PinpointErrorData(this.hostname, webRequest); + PinpointErrorData pinpointErrorData = new PinpointErrorData(this.hostname, webRequest, includeCookies); errorAttributes.put("data", pinpointErrorData); } } \ No newline at end of file diff --git a/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorData.java b/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorData.java index 8cff72bc0d77..82af70000ab4 100644 --- a/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorData.java +++ b/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorData.java @@ -1,5 +1,6 @@ package com.navercorp.pinpoint.web.view.error; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonInclude; import org.springframework.web.context.request.ServletWebRequest; import org.springframework.web.context.request.WebRequest; @@ -15,9 +16,9 @@ public class PinpointErrorData { private final String hostName; private final RequestInfo requestInfo; - public PinpointErrorData(String hostName, WebRequest request) { + public PinpointErrorData(String hostName, WebRequest request, boolean includeCookies) { this.hostName = hostName; - this.requestInfo = new RequestInfo(request); + this.requestInfo = new RequestInfo(request, includeCookies); } public String getHostName() { @@ -34,13 +35,17 @@ public static class RequestInfo { private final Map> headers; private final Map parameters; - public RequestInfo(WebRequest request) { + @JsonIgnore + private boolean includeCookies = true; + + public RequestInfo(WebRequest request, boolean includeCookies) { + this.includeCookies = includeCookies; if (request instanceof ServletWebRequest webRequest) { this.method = webRequest.getRequest().getMethod(); this.headers = getRequestHeader(webRequest); this.parameters = request.getParameterMap(); } else { - this.method = "UNKNOWN"; + this.method = UNKNOWN; this.headers = null; this.parameters = null; } @@ -65,11 +70,14 @@ private Map> getRequestHeader(ServletWebRequest webRequest) } Map> result = new HashMap<>(); - while(keys.hasNext()) { + while (keys.hasNext()) { String key = keys.next(); if (key == null) { continue; } + if (key.equals("cookie") && !includeCookies) { + continue; + } result.put(key, List.of(webRequest.getHeaderValues(key))); }