@@ -66,6 +66,12 @@ Body: {{.Body}}`))
6666
6767var envDebug = false
6868
69+ // redactHeadersMap is a map of headers that should be redacted in logs,
70+ // mapping the header name to its redacted value.
71+ var redactHeadersMap = map [string ]string {
72+ "Authorization" : "Bearer *******************************" ,
73+ }
74+
6975// Client is a wrapper around the Resty client
7076type Client struct {
7177 resty * resty.Client
@@ -394,6 +400,19 @@ func (c *httpClient) applyAfterResponse(resp *http.Response) error {
394400 return nil
395401}
396402
403+ // nolint:unused
404+ func redactHeaders (headers http.Header ) http.Header {
405+ redacted := headers .Clone ()
406+
407+ for header , redactedValue := range redactHeadersMap {
408+ if headers .Get (header ) != "" {
409+ redacted .Set (header , redactedValue )
410+ }
411+ }
412+
413+ return redacted
414+ }
415+
397416// nolint:unused
398417func (c * httpClient ) logRequest (req * http.Request , method , url string , bodyBuffer * bytes.Buffer ) {
399418 var reqBody string
@@ -408,7 +427,7 @@ func (c *httpClient) logRequest(req *http.Request, method, url string, bodyBuffe
408427 err := reqLogTemplate .Execute (& logBuf , map [string ]any {
409428 "Method" : method ,
410429 "URL" : url ,
411- "Headers" : req .Header ,
430+ "Headers" : redactHeaders ( req .Header ) ,
412431 "Body" : reqBody ,
413432 })
414433 if err == nil {
@@ -418,6 +437,7 @@ func (c *httpClient) logRequest(req *http.Request, method, url string, bodyBuffe
418437
419438// nolint:unused
420439func (c * httpClient ) sendRequest (req * http.Request ) (* http.Response , error ) {
440+ // #nosec G704
421441 resp , err := c .httpClient .Do (req )
422442 if err != nil {
423443 if c .debug && c .logger != nil {
@@ -455,7 +475,7 @@ func (c *httpClient) logResponse(resp *http.Response) (*http.Response, error) {
455475
456476 err := respLogTemplate .Execute (& logBuf , map [string ]any {
457477 "Status" : resp .Status ,
458- "Headers" : resp .Header ,
478+ "Headers" : redactHeaders ( resp .Header ) ,
459479 "Body" : respBody .String (),
460480 })
461481 if err == nil {
@@ -826,10 +846,22 @@ func (c *Client) updateHostURL() {
826846 )
827847}
828848
849+ func redactLogHeaders (header http.Header ) {
850+ for h , redactedValue := range redactHeadersMap {
851+ if header .Get (h ) != "" {
852+ header .Set (h , redactedValue )
853+ }
854+ }
855+ }
856+
829857func (c * Client ) enableLogSanitization () * Client {
830858 c .resty .OnRequestLog (func (r * resty.RequestLog ) error {
831- // masking authorization header
832- r .Header .Set ("Authorization" , "Bearer *******************************" )
859+ redactLogHeaders (r .Header )
860+ return nil
861+ })
862+
863+ c .resty .OnResponseLog (func (r * resty.ResponseLog ) error {
864+ redactLogHeaders (r .Header )
833865 return nil
834866 })
835867
0 commit comments