dom/telegraf
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

postgresql_extensible: Censor also other security related conn params

Browse Source 
While these aren't quite as sensitive as passwords, they do tend to be
long filesystem paths that shouldn't be reported along with
every measurement.
This commit is contained in:
Hannu Valtonen
2016-04-24 00:40:10 +03:00
committed by Mika Eloranta
parent 07728d7425
commit e7daf5094a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/inputs/postgresql_extensible/postgresql_extensible.go
View File

@@ -184,7 +184,7 @@ type scanner interface {
Scan(dest ...interface{}) error
}
var passwordKVMatcher, _ = regexp.Compile("password=\\S+ ?")
var KVMatcher, _ = regexp.Compile("(password|sslcert|sslkey|sslmode|sslrootcert)=\\S+ ?")
func (p *Postgresql) SanitizedAddress() (_ string, err error) {
var canonicalizedAddress string
@@ -196,7 +196,7 @@ func (p *Postgresql) SanitizedAddress() (_ string, err error) {
} else {
canonicalizedAddress = p.Address
}
p.sanitizedAddress = passwordKVMatcher.ReplaceAllString(canonicalizedAddress, "")
p.sanitizedAddress = KVMatcher.ReplaceAllString(canonicalizedAddress, "")
return p.sanitizedAddress, err
}