From 01b01c5969b934a5d2a5259ca42d65ec17ebab93 Mon Sep 17 00:00:00 2001
From: Hannu Valtonen
Date: Sun, 24 Apr 2016 00:40:10 +0300
Subject: [PATCH] postgresql_extensible: Censor also other security related conn params
While these aren't quite as sensitive as passwords, they do tend to be long filesystem paths that shouldn't be reported along with every measurement.
---
 plugins/inputs/postgresql_extensible/postgresql_extensible.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/inputs/postgresql_extensible/postgresql_extensible.go b/plugins/inputs/postgresql_extensible/postgresql_extensible.go
index 4ebf752ff..341811870 100644
--- a/plugins/inputs/postgresql_extensible/postgresql_extensible.go
+++ b/plugins/inputs/postgresql_extensible/postgresql_extensible.go
@@ -184,7 +184,7 @@ type scanner interface {
 Scan(dest ...interface{}) error
 }
-var passwordKVMatcher, _ = regexp.Compile("password=\\S+ ?")
+var KVMatcher, _ = regexp.Compile("(password|sslcert|sslkey|sslmode|sslrootcert)=\\S+ ?")
 func (p *Postgresql) SanitizedAddress() (_ string, err error) {
 var canonicalizedAddress string
@@ -196,7 +196,7 @@ func (p *Postgresql) SanitizedAddress() (_ string, err error) {
 } else {
 canonicalizedAddress = p.Address
 }
- p.sanitizedAddress = passwordKVMatcher.ReplaceAllString(canonicalizedAddress, "")
+ p.sanitizedAddress = KVMatcher.ReplaceAllString(canonicalizedAddress, "")
 return p.sanitizedAddress, err
 }
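Review bot: The value part of the new pattern on the `+var KVMatcher` line is still `\S+`, so a single-quoted conninfo value that contains whitespace is only censored up to its first space, and the rest stays in the sanitized string that is reported with measurements. For a constructed address such as `password='two words' host=db`, the result would keep `words'`; the same applies to a quoted `sslkey` or `sslcert` path, and to `key = value` written with spaces around the equals sign, which the pattern does not match at all. Consider matching an optional quoted value first, for example replacing `=\\S+` with `\\s*=\\s*('(?:[^'\\\\]|\\\\.)*'|\\S+)`, and adding a table test with quoted and spaced inputs. Separately, the rename exports a package-level variable and still discards the compile error; `var kvMatcher = regexp.MustCompile(...)` would keep it private and fail loudly on a bad pattern.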
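Review bot: With five keys now removed by `KVMatcher.ReplaceAllString(canonicalizedAddress, "")`, it is more likely that the removed pair is the last one in the address, and the pattern's trailing ` ?` only consumes a space after the match, so the space before it is left behind. For a constructed input `host=localhost sslmode=disable`, the stored value would be `host=localhost ` with a trailing space. Trimming the result, e.g. `p.sanitizedAddress = strings.TrimSpace(KVMatcher.ReplaceAllString(canonicalizedAddress, ""))`, avoids that (the file's import block is outside this hunk, so confirm `strings` is imported). SanitizedAddress starts above the hunk; since its return value changes for any existing configuration that sets these parameters, a changelog line saying so would help users who key dashboards on it.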