postgresql_extensible: Censor also other security related conn params
While these aren't quite as sensitive as passwords, they do tend to be long filesystem paths that shouldn't be reported along with every measurement.
This commit is contained in:
parent
c159460b2c
commit
01b01c5969
|
@ -184,7 +184,7 @@ type scanner interface {
|
||||||
Scan(dest ...interface{}) error
|
Scan(dest ...interface{}) error
|
||||||
}
|
}
|
||||||
|
|
||||||
var passwordKVMatcher, _ = regexp.Compile("password=\\S+ ?")
|
var KVMatcher, _ = regexp.Compile("(password|sslcert|sslkey|sslmode|sslrootcert)=\\S+ ?")
|
||||||
|
|
||||||
func (p *Postgresql) SanitizedAddress() (_ string, err error) {
|
func (p *Postgresql) SanitizedAddress() (_ string, err error) {
|
||||||
var canonicalizedAddress string
|
var canonicalizedAddress string
|
||||||
|
@ -196,7 +196,7 @@ func (p *Postgresql) SanitizedAddress() (_ string, err error) {
|
||||||
} else {
|
} else {
|
||||||
canonicalizedAddress = p.Address
|
canonicalizedAddress = p.Address
|
||||||
}
|
}
|
||||||
p.sanitizedAddress = passwordKVMatcher.ReplaceAllString(canonicalizedAddress, "")
|
p.sanitizedAddress = KVMatcher.ReplaceAllString(canonicalizedAddress, "")
|
||||||
|
|
||||||
return p.sanitizedAddress, err
|
return p.sanitizedAddress, err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue