openfaas/of-watchdog

Hiding URL parameters in watchdog logs

andgonzalez-technisys opened this issue · 3 comments

andgonzalez-technisys commented

Hello,

I use OpenFaaS and see that full URLs with parameters show in watchdog logs. I see logs like:

GET /example?param1=data&param2=data... -

My questions:

Is there a way in OpenFaaS or watchdogs (of-watchdog or classic-watchdog) to hide parts of the URL in logs?
If not, has anyone found a solution for this?
Any advice on how to handle this without breaking OpenFaaS features?
Thank you for any help!

@alexellis

alexellis commented

Hi @andgonzalez-technisys

We have an issue template that you'll need to fill out if you'd like us to help you.

Once you've done that fully, please ping me again.

https://raw.githubusercontent.com/openfaas/of-watchdog/master/.github/ISSUE_TEMPLATE.md

Alex

andgonzalez-technisys commented

Hi @alexellis:

I use OpenFaaS and see that full URLs with parameters show in watchdog logs. I see logs like:

GET /example?param1=data&param2=data... -

My questions:

Is there a way in OpenFaaS or watchdogs (of-watchdog or classic-watchdog) to hide parts of the URL in logs?
If not, has anyone found a solution for this?
Any advice on how to handle this without breaking OpenFaaS features?
Thank you for any help!

Expected Behaviour

Possibility of setting a flag so that the watchdogs do not show the logs in the terminal

Current Behaviour

The logs are displayed in the terminal
GET /example?param1=data&param2=data... -

Possible Solution

Possibility of setting a flag so that watchdogs does not show the logs in the terminal, similar to the flag:
prefix_logs

Steps to Reproduce (for bugs)

At the end

Context

If sensitive data is sent via the URL, it is displayed in the watchdogs logs.

Your Environment

  • Docker version docker version (e.g. Docker 17.0.05 ):
    20.10.17

  • Are you using Kubernetes or faasd?
    Kubernetes

  • Operating System and version (e.g. Linux, Windows, MacOS):
    MacOS 13.2.1

  • Link to your project or a code example to reproduce issue:

Code Example:

handler.py

def handle(context):
    return {
        "statusCode": 200,
        "body": {
            "key": "value"
        },
        "headers": {
            "Location": "https://www.example.com/"
        }
    }

stack.yml

version: 1.0
provider:
  name: openfaas
  gateway: http://localhost:8080/
functions:
  logtest:
    lang: python3-flask
    handler: ./app
    image: logtest:latest
    build_args:
      TEST_ENABLED: "false"

faas-cli comands

faas-cli template pull https://github.com/openfaas-incubator/python-flask-template
faas-cli build
faas-cli push
faas-cli deploy

Logs

faas-cli logs logtest -g http://localhost:8080/
WARNING! You are not using an encrypted connection to the gateway, consider using HTTPS.
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Version: 0.9.10        SHA: eefeb9dd8c979398a46fc0decc3297591362bfab
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Forking: python, arguments: [index.py]
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Started logging: stderr from function.
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Started logging: stdout from function.
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Watchdog mode: http    fprocess: "python index.py"
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Timeouts: read: 10s write: 10s hard: 10s health: 10s
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Listening on port: 8080
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Writing lock-file to: /tmp/.lock
2023-10-06T20:02:21Z 2023/10/06 20:02:21 Metrics listening on port: 8081
2023-10-06T20:02:37Z 2023/10/06 20:02:37 GET /?sensibleData=123456 - 200 OK - ContentLength: 92B (0.0015s)
2023-10-06T20:07:09Z 2023/10/06 20:07:09 GET /?sensibleData=123456 - 200 OK - ContentLength: 92B (0.0014s)
andgonzalez-technisys commented

Hi @alexellis:

Any update on this post?