From e7daf5094ae48988e4e5627d1817cbb23fe57d60 Mon Sep 17 00:00:00 2001
From: Hannu Valtonen <hannu.valtonen@ohmu.fi>
Date: Sun, 24 Apr 2016 00:40:10 +0300
Subject: [PATCH] postgresql_extensible: Censor also other security related
 conn params

While these aren't quite as sensitive as passwords, they do tend to be
long filesystem paths that shouldn't be reported along with
every measurement.
---
 plugins/inputs/postgresql_extensible/postgresql_extensible.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/inputs/postgresql_extensible/postgresql_extensible.go b/plugins/inputs/postgresql_extensible/postgresql_extensible.go
index 4ebf752ff..341811870 100644
--- a/plugins/inputs/postgresql_extensible/postgresql_extensible.go
+++ b/plugins/inputs/postgresql_extensible/postgresql_extensible.go
@@ -184,7 +184,7 @@ type scanner interface {
 	Scan(dest ...interface{}) error
 }
 
-var passwordKVMatcher, _ = regexp.Compile("password=\\S+ ?")
+var KVMatcher, _ = regexp.Compile("(password|sslcert|sslkey|sslmode|sslrootcert)=\\S+ ?")
 
 func (p *Postgresql) SanitizedAddress() (_ string, err error) {
 	var canonicalizedAddress string
@@ -196,7 +196,7 @@ func (p *Postgresql) SanitizedAddress() (_ string, err error) {
 	} else {
 		canonicalizedAddress = p.Address
 	}
-	p.sanitizedAddress = passwordKVMatcher.ReplaceAllString(canonicalizedAddress, "")
+	p.sanitizedAddress = KVMatcher.ReplaceAllString(canonicalizedAddress, "")
 
 	return p.sanitizedAddress, err
 }