diff options
author | Nick Thomas <nick@gitlab.com> | 2018-03-26 19:59:50 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-03-28 15:46:09 +0300 |
commit | 9c295131dd7ee64bbc19f46521f8568f75498975 (patch) | |
tree | 50517afa2dc7c2678e1e574336d3bdb5bbb8f6c7 /logging_test.go | |
parent | df613ba82df6e5a9b6a88fe695e2d29827cf44fa (diff) |
Don't log request or referer query strings
Diffstat (limited to 'logging_test.go')
-rw-r--r-- | logging_test.go | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/logging_test.go b/logging_test.go index bc557a71..8cabbde7 100644 --- a/logging_test.go +++ b/logging_test.go @@ -3,6 +3,7 @@ package main import ( "fmt" "net/http" + "net/http/httptest" "testing" "github.com/stretchr/testify/assert" @@ -28,6 +29,19 @@ func testLogWithDoubleStatus(ww http.ResponseWriter, r *http.Request) { http.Redirect(&w, r, "/test", 301) } +func TestExtractLogFieldsHidesQueryStrings(t *testing.T) { + w := httptest.NewRecorder() + r := httptest.NewRequest("GET", "/foo?token=bar", nil) + r.Header.Set("Referer", "http://invalid.com/bar?token=baz") + + l := newLoggingResponseWriter(w) + + fields := l.extractLogFields(r) + + assert.Equal(t, fields["uri"], "/foo") + assert.Equal(t, fields["referer"], "http://invalid.com/bar") +} + func TestLoggingWriter(t *testing.T) { assert.HTTPBodyContains(t, testLogWithStatus, "GET", "/test", nil, "with-status") assert.HTTPBodyContains(t, testLogWithoutStatus, "GET", "/test", nil, "no-status") |