dom
/
telegraf
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

postgresql_extensible: Censor also other security related conn params 

While these aren't quite as sensitive as passwords, they do tend to be
long filesystem paths that shouldn't be reported along with
every measurement.
This commit is contained in:
Hannu Valtonen 2016-04-24 00:40:10 +03:00 committed by Mika Eloranta
parent 07728d7425
commit e7daf5094a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/inputs/postgresql_extensible/postgresql_extensible.go
View File

@ -184,7 +184,7 @@ type scanner interface {
Scan(dest ...interface{}) error Scan(dest ...interface{}) error
} }
var passwordKVMatcher, _ = regexp.Compile("password=\\S+ ?") var KVMatcher, _ = regexp.Compile("(password|sslcert|sslkey|sslmode|sslrootcert)=\\S+ ?")
func (p *Postgresql) SanitizedAddress() (_ string, err error) { func (p *Postgresql) SanitizedAddress() (_ string, err error) {
var canonicalizedAddress string var canonicalizedAddress string
@ -196,7 +196,7 @@ func (p *Postgresql) SanitizedAddress() (_ string, err error) {
} else { } else {
canonicalizedAddress = p.Address canonicalizedAddress = p.Address
} }
p.sanitizedAddress = passwordKVMatcher.ReplaceAllString(canonicalizedAddress, "") p.sanitizedAddress = KVMatcher.ReplaceAllString(canonicalizedAddress, "")
return p.sanitizedAddress, err return p.sanitizedAddress, err
} }