From 52794ba78358e1811fe71d70ec1e917a9894a8f6 Mon Sep 17 00:00:00 2001
From: vcc <563879166@qq.com>
Date: Fri, 15 May 2026 11:41:09 +0800
Subject: [PATCH] fix: remove response body from validateToken logging to prevent PII leak

The validateToken function in providers/internal_util.go was logging the full response body which could contain sensitive user data (PII).

- Remove result.Body() from success path log ( Printf )
- Remove result.Body() from error path log ( Errorf )
- Add test to verify response body is not present in log output

Fixes #3431

Signed-off-by: vcc <563879166@qq.com>
---
 providers/internal_util.go | 4 ++--
 providers/internal_util_test.go | 22 ++++++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/providers/internal_util.go b/providers/internal_util.go
index 49e1fd94..c6b08914 100644
--- a/providers/internal_util.go
+++ b/providers/internal_util.go
@@ -71,12 +71,12 @@ func validateToken(ctx context.Context, p Provider, accessToken string, header h
 return false
 }
- logger.Printf("%d GET %s %s", result.StatusCode(), stripToken(endpoint), result.Body())
+ logger.Printf("%d GET %s", result.StatusCode(), stripToken(endpoint))
 if result.StatusCode() == 200 {
 return true
 }
- logger.Errorf("token validation request failed: status %d - %s", result.StatusCode(), result.Body())
+ logger.Errorf("token validation request failed: status %d", result.StatusCode())
 return false
 }
diff --git a/providers/internal_util_test.go b/providers/internal_util_test.go
index 31952622..404f75ca 100644
--- a/providers/internal_util_test.go
+++ b/providers/internal_util_test.go
@@ -1,14 +1,17 @@
 package providers
 import (
+ "bytes"
 "context"
 "errors"
 "net/http"
 "net/http/httptest"
 "net/url"
+ "os"
 "testing"
 "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
+ "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
 "github.com/stretchr/testify/assert"
 )
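Review bot: Dropping `result.Body()` from the Errorf on the error path leaves an operator with only a status code to diagnose a rejected validation; a body-free detail such as its length, `logger.Errorf("token validation request failed: status %d (%d-byte body)", result.StatusCode(), len(result.Body()))`, keeps some signal without reintroducing user data. The same consideration applies to the Printf line above it, though there the status plus the stripped endpoint is probably enough. Both lines still fire on a non-200 response, so one failure is logged twice at different levels; that is pre-existing, but worth tidying while these lines are being touched. validateToken's body begins before this hunk.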
@@ -139,6 +142,25 @@ func TestValidateSessionValidateURLWithQueryParams(t *testing.T) {
 assert.Equal(t, true, validateToken(context.Background(), vtTest.provider, "foobar", nil))
 }
+func TestValidateTokenDoesNotLogResponseBody(t *testing.T) {
+ vtTest := NewValidateSessionTest()
+ defer vtTest.Close()
+ vtTest.responseCode = 401
+
+ var buf bytes.Buffer
+ logger.SetOutput(&buf)
+ defer logger.SetOutput(os.Stdout)
+
+ validateToken(context.Background(), vtTest.provider, "foobar", nil)
+
+ output := buf.String()
+ // Response body from the test server is "only code matters; contents disregarded"
+ assert.NotContains(t, output, "only code matters")
+ assert.NotContains(t, output, "contents disregarded")
+ // But we should still see the status code logged
+ assert.Contains(t, output, "401")
+}
+
 func TestStripTokenNotPresent(t *testing.T) {
 test := "http://local.test/api/test?a=1&b=2"
 assert.Equal(t, test, stripToken(test))
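Review bot: The new test only drives the 401 path, so the body removal from the success-path Printf (the other line this commit changes) is never checked; running the same NotContains assertions a second time with `vtTest.responseCode = 200` would cover both. `defer logger.SetOutput(os.Stdout)` restores a hard-coded writer rather than whatever the package logger was using before the test; if the default is not stdout (I cannot see the logger package from here), this test silently redirects logging for every test that runs after it. The return value of validateToken is discarded, whereas `assert.False(t, validateToken(context.Background(), vtTest.provider, "foobar", nil))` would pin the expected outcome for 401 at no extra cost.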