Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't hide sensitive data #11

Open
jameskennedy opened this issue Feb 4, 2020 · 1 comment
Open

Can't hide sensitive data #11

jameskennedy opened this issue Feb 4, 2020 · 1 comment

Comments

@jameskennedy
Copy link

The Slow Query output includes arguments passed into the GraphQL query.
Since our application requires the frontend to post passwords, we can't have sangria-slowlog logging metrics for that particular mutation.

There should be a way to ignore particular mutations/queries or disable the inclusion of arguments.
yanns added a commit that referenced this issue Apr 28, 2020
@yanns
Merge pull request #11 from sangria-graphql-org/metrics-core_4.1.1
6111d50 
update metrics-core to 4.1.1
@yanns
Copy link
Contributor

yanns commented Dec 22, 2020

A possible solution:

class SafeMetricRenderer(override val unit: TimeUnit) extends DefaultMetricRenderer(unit) {
  override def renderLogMessage(durationNanos: Long, enrichedQuery: String) = {
    val enrichedQueryWithObfuscatedPasswords = enrichedQuery.replaceAll("([pP]assword\\s*:\\s*)\".*\"", "$1\"***\"")
    s"Slow GraphQL query [${renderDuration(durationNanos)}].\n\n$enrichedQueryWithObfuscatedPasswords"
  }
}

and use it like:

SlowLog(log.underlying, slowLogThreshold, addExtensions = profileExtension)(new SafeMetricRenderer(TimeUnit.MILLISECONDS))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yanns @jameskennedy