Request tab includes cookies

[eager]

Expected behavior

Cookies are filtered from request headers metadata, as Cookie is included in the default filters.

Observed behavior

Request tab contains a headers map with cookie present.

Steps to reproduce

We’re using bugsnag-spring with Spring Boot 2.0.9 and Tomcat 9.0.30.

Version

3.6.1

Additional information

It looks like the issue is that the underlying servlet implementation stores header keys case-insensitively, so the default Cookie filter does not match. When it comes to filtering, I think it would make sense to make all comparisons case-insensitive, so that a filter for "password" matches "USER_PASSWORD", "adminPassword", etc.

[eager]

Based on #113, it seems that the current case-sensitivity is intentional, but it’s unclear to me why it’s desired.

[abigailbramble]

Hi @eager - thanks for the report.
We are considering making this configuration option capable of taking regexes, which should meet your needs.

[eager]

We are considering making this configuration option capable of taking regexes, which should meet your needs.

@phillipsam good to know! Would (case-insensitive) regexes be the default, and would the defaults include the 4 current filters?

[fractalwrench]

Hi @eager - case-insensitive regexes would be fine, and I think it would make sense to include the 4 current filters.

We've designed a new API for redacting metadata values, which hasn't been scheduled for implementation on bugsnag-java yet. I can sketch out some of the details here if that would help #153:

redactedKeys

// Configuration.java
Collection<String> getRedactedKeys();
void setRedactedKeys(Collection<String> redactedKeys);

The requirements would be:

• values in the redactedKeys property should be compiled into a regex
• keys in MetaData should be matched against the values of redactedKeys and replaced with a placeholder string "[REDACTED]" if any key matches
• the filters property should be marked as deprecated and direct callers to use redactedKeys instead

If you have any questions about this please let me know.