From 304c9c632e97266eaca98166abb4230b70a37d0f Mon Sep 17 00:00:00 2001
From: Billy Zha <jinzha1@microsoft.com>
Date: Wed, 6 Dec 2023 10:40:41 +0800
Subject: [PATCH] feat: scrub Set-Cookie header in debug logs (#1190)

Signed-off-by: Billy Zha <jinzha1@microsoft.com>
---
 internal/trace/transport.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/internal/trace/transport.go b/internal/trace/transport.go
index a346f88d8..76630eb23 100644
--- a/internal/trace/transport.go
+++ b/internal/trace/transport.go
@@ -22,9 +22,17 @@ import (
 	"sync/atomic"
 )
 
-// requestCount records the number of logged request-response pairs and will
-// be used as the unique id for the next pair.
-var requestCount uint64
+var (
+	// requestCount records the number of logged request-response pairs and will
+	// be used as the unique id for the next pair.
+	requestCount uint64
+
+	// toScrub is a set of headers that should be scrubbed from the log.
+	toScrub = []string{
+		"Authorization",
+		"Set-Cookie",
+	}
+)
 
 // Transport is an http.RoundTripper that keeps track of the in-flight
 // request and add hooks to report HTTP tracing events.
@@ -68,8 +76,10 @@ func logHeader(header http.Header) string {
 	if len(header) > 0 {
 		headers := []string{}
 		for k, v := range header {
-			if strings.EqualFold(k, "Authorization") {
-				v = []string{"*****"}
+			for _, h := range toScrub {
+				if strings.EqualFold(k, h) {
+					v = []string{"*****"}
+				}
 			}
 			headers = append(headers, fmt.Sprintf("   %q: %q", k, strings.Join(v, ", ")))
 		}