Skip to content

[fix](fe) Mask sensitive headers in stream load logs#62108

Open
liaoxin01 wants to merge 1 commit intoapache:masterfrom
liaoxin01:fix-streamload-mask-headers-master
Open

[fix](fe) Mask sensitive headers in stream load logs#62108
liaoxin01 wants to merge 1 commit intoapache:masterfrom
liaoxin01:fix-streamload-mask-headers-master

Conversation

@liaoxin01
Copy link
Copy Markdown
Contributor

@liaoxin01 liaoxin01 commented Apr 3, 2026

What problem does this PR solve?

Issue Number: None

Related PR: None

Problem Summary: FE stream load REST logs printed full request headers, which could leak Authorization and token values into INFO logs.

Release note

None

Check List (For Author)

  • Test: No completed automated test run in this environment. I attempted a FE build in a worktree and reached fe-core, but did not wait for full FE packaging to finish.
  • Behavior changed: No.
  • Does this need documentation: No

Copilot AI review requested due to automatic review settings April 3, 2026 16:02
@Thearas
Copy link
Copy Markdown
Contributor

Thearas commented Apr 3, 2026

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

  1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
  2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
  3. What features were added. Why was this function added?
  4. Which code was refactored and why was this part of the code refactored?
  5. Which functions were optimized and what is the difference before and after the optimization?

Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces the risk of credential leakage by masking selected sensitive HTTP request headers when FE logs stream load REST requests.

Changes:

  • Mask values for a small set of sensitive headers (e.g., Authorization, token) in getAllHeaders().
  • Add isSensitiveHeader() helper to centralize the masking decision.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java
Comment on lines +674 to +685
String headerValue = isSensitiveHeader(headerName) ? "***MASKED***" : request.getHeader(headerName);
headers.append(headerName).append(":").append(headerValue).append(", ");
}
return headers.toString();
}

private boolean isSensitiveHeader(String headerName) {
return "Authorization".equalsIgnoreCase(headerName)
|| "Proxy-Authorization".equalsIgnoreCase(headerName)
|| "token".equalsIgnoreCase(headerName)
|| "Auth-Token".equalsIgnoreCase(headerName);
}
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getAllHeaders() still logs every header name/value and only masks a small hard-coded set. Since FE auth can fall back to cookies (session-based auth), unmasked Cookie / Set-Cookie headers can leak session identifiers into INFO logs. Consider expanding the sensitive header list to include cookie headers (and ideally using a centralized allowlist/denylist such as a static Set of lowercased names) so future auth headers don’t get missed.

Copilot uses AI. Check for mistakes.
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java
Comment on lines 669 to 675
private String getAllHeaders(HttpServletRequest request) {
StringBuilder headers = new StringBuilder();
Enumeration<String> headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
String headerName = headerNames.nextElement();
String headerValue = request.getHeader(headerName);
String headerValue = isSensitiveHeader(headerName) ? "***MASKED***" : request.getHeader(headerName);
headers.append(headerName).append(":").append(headerValue).append(", ");
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new masking behavior in getAllHeaders() is security-sensitive but currently untested. There are HTTPv2 REST action tests in this repo (e.g., GetLogFileActionTest uses reflection to test private helpers); adding a small unit test that verifies sensitive headers are masked (and non-sensitive headers are preserved) would help prevent regressions.

Copilot uses AI. Check for mistakes.
@liaoxin01
[fix](fe) Mask sensitive headers in stream load logs
012d589 
### What problem does this PR solve?

Issue Number: None

Related PR: None

Problem Summary: FE stream load REST logs printed full request headers, which could leak Authorization and token values into INFO logs.

### Release note

None

### Check List (For Author)

- Test: No need to test (log sanitization only; no completed automated test run in this environment)
- Behavior changed: No
- Does this need documentation: No
@liaoxin01 liaoxin01 force-pushed the fix-streamload-mask-headers-master branch from c55096e to 012d589 Compare April 3, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liaoxin01 @Thearas