[#12021] Hide sensitive information such as cookie data

pinpoint-apm · Feb 6, 2025 · a504cbd · a504cbd
1 parent ac8354d
commit a504cbd
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorAttributes.java b/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorAttributes.java
@@ -1,6 +1,7 @@
 package com.navercorp.pinpoint.web.view.error;
 
 import org.apache.commons.lang3.SystemUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.error.ErrorAttributeOptions;
 import org.springframework.boot.web.servlet.error.DefaultErrorAttributes;
 import org.springframework.stereotype.Component;
@@ -12,6 +13,9 @@
 public class PinpointErrorAttributes extends DefaultErrorAttributes {
     private final String hostname;
 
+    @Value("${server.error.include-cookies:true}")
+    private boolean includeCookies;
+
     public PinpointErrorAttributes() {
         this.hostname = SystemUtils.getHostName();
     }
@@ -32,7 +36,7 @@ private void removeDuplicateData(Map<String, Object> errorAttributes) {
     }
 
     private void addCustomData(WebRequest webRequest, Map<String, Object> errorAttributes) {
-        PinpointErrorData pinpointErrorData = new PinpointErrorData(this.hostname, webRequest);
+        PinpointErrorData pinpointErrorData = new PinpointErrorData(this.hostname, webRequest, includeCookies);
         errorAttributes.put("data", pinpointErrorData);
     }
 }
diff --git a/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorData.java b/web/src/main/java/com/navercorp/pinpoint/web/view/error/PinpointErrorData.java
@@ -1,5 +1,6 @@
 package com.navercorp.pinpoint.web.view.error;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import org.springframework.web.context.request.ServletWebRequest;
 import org.springframework.web.context.request.WebRequest;
@@ -15,9 +16,9 @@ public class PinpointErrorData {
     private final String hostName;
     private final RequestInfo requestInfo;
 
-    public PinpointErrorData(String hostName, WebRequest request) {
+    public PinpointErrorData(String hostName, WebRequest request, boolean includeCookies) {
         this.hostName = hostName;
-        this.requestInfo = new RequestInfo(request);
+        this.requestInfo = new RequestInfo(request, includeCookies);
     }
 
     public String getHostName() {
@@ -34,13 +35,17 @@ public static class RequestInfo {
         private final Map<String, List<String>> headers;
         private final Map<String, String[]> parameters;
 
-        public RequestInfo(WebRequest request) {
+        @JsonIgnore
+        private boolean includeCookies = true;
+
+        public RequestInfo(WebRequest request, boolean includeCookies) {
+            this.includeCookies = includeCookies;
             if (request instanceof ServletWebRequest webRequest) {
                 this.method = webRequest.getRequest().getMethod();
                 this.headers = getRequestHeader(webRequest);
                 this.parameters = request.getParameterMap();
             } else {
-                this.method = "UNKNOWN";
+                this.method = UNKNOWN;
                 this.headers = null;
                 this.parameters = null;
             }
@@ -65,11 +70,14 @@ private Map<String, List<String>> getRequestHeader(ServletWebRequest webRequest)
             }
 
             Map<String, List<String>> result = new HashMap<>();
-            while(keys.hasNext()) {
+            while (keys.hasNext()) {
                 String key = keys.next();
                 if (key == null) {
                     continue;
                 }
+                if (key.equals("cookie") && !includeCookies) {
+                    continue;
+                }
                 result.put(key, List.of(webRequest.getHeaderValues(key)));
             }