
Turn RequestQuery off by default in HttpLogging (#34442)

* Turn RequestQuery off by default in HttpLogging

* Fix tests
William Godbe 4 years ago
parent
commit
df48473376

+ 7 - 2
src/Middleware/HttpLogging/src/HttpLoggingFields.cs

@@ -36,6 +36,11 @@ namespace Microsoft.AspNetCore.HttpLogging
         /// For example:
         /// Query: ?index=1
         /// </p>
+        /// RequestQuery contents can contain private information
+        /// which may have regulatory concerns under GDPR
+        /// and other laws. RequestQuery should not be logged
+        /// unless logs are secure and access controlled
+        /// and the privacy impact assessed.
         /// </summary>
         RequestQuery = 0x2,
 
@@ -131,10 +136,10 @@ namespace Microsoft.AspNetCore.HttpLogging
 
         /// <summary>
         /// Flag for logging a collection of HTTP Request properties,
-        /// including <see cref="RequestPath"/>, <see cref="RequestQuery"/>, <see cref="RequestProtocol"/>,
+        /// including <see cref="RequestPath"/>, <see cref="RequestProtocol"/>,
         /// <see cref="RequestMethod"/>, and <see cref="RequestScheme"/>.
         /// </summary>
-        RequestProperties = RequestPath | RequestQuery | RequestProtocol | RequestMethod | RequestScheme,
+        RequestProperties = RequestPath | RequestProtocol | RequestMethod | RequestScheme,
 
         /// <summary>
         /// Flag for logging HTTP Request properties and headers.
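Review bot: Dropping `RequestQuery` from `RequestProperties` also changes every composite built on it (the PublicAPI listing on this page defines `RequestPropertiesAndHeaders` as `RequestProperties | RequestHeaders`), so callers who set these flags explicitly stop logging query strings without any hint in the summary. I would add a line to the summary such as `/// <see cref="RequestQuery"/> is excluded because query strings can carry private data; opt in with RequestProperties | RequestQuery.` The test hunks in this commit delete the `QueryString` setup and assertion rather than inverting them, so nothing visible here pins the new default. Keeping `httpContext.Request.QueryString = new QueryString("?foo");` and asserting `Assert.DoesNotContain(TestSink.Writes, w => w.Message.Contains("QueryString: ?foo"));` would catch the flag being re-added to a composite later. The enum body continues outside this hunk, so composites not shown here should be checked the same way.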

+ 1 - 1
src/Middleware/HttpLogging/src/PublicAPI.Unshipped.txt

@@ -8,7 +8,7 @@ Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestBody = 1024 -> Microso
 Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestHeaders = 64 -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields
 Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestMethod = 8 -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields
 Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestPath = 1 -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields
-Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestProperties = Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestPath | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestQuery | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestProtocol | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestMethod | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestScheme -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields
+Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestProperties = Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestPath | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestProtocol | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestMethod | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestScheme -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields
 Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestPropertiesAndHeaders = Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestProperties | Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestHeaders -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields
 Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestProtocol = 4 -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields
 Microsoft.AspNetCore.HttpLogging.HttpLoggingFields.RequestQuery = 2 -> Microsoft.AspNetCore.HttpLogging.HttpLoggingFields

+ 0 - 6
src/Middleware/HttpLogging/test/HttpLoggingMiddlewareTests.cs

@@ -117,7 +117,6 @@ namespace Microsoft.AspNetCore.HttpLogging
             httpContext.Request.Scheme = "http";
             httpContext.Request.Path = new PathString("/foo");
             httpContext.Request.PathBase = new PathString("/foo");
-            httpContext.Request.QueryString = new QueryString("?foo");
             httpContext.Request.Headers["Connection"] = "keep-alive";
             httpContext.Request.ContentType = "text/plain";
             httpContext.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("test"));
@@ -128,7 +127,6 @@ namespace Microsoft.AspNetCore.HttpLogging
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Scheme: http"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Path: /foo"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("PathBase: /foo"));
-            Assert.Contains(TestSink.Writes, w => w.Message.Contains("QueryString: ?foo"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Connection: keep-alive"));
             Assert.DoesNotContain(TestSink.Writes, w => w.Message.Contains("Body: test"));
         }
@@ -160,7 +158,6 @@ namespace Microsoft.AspNetCore.HttpLogging
             httpContext.Request.Scheme = "http";
             httpContext.Request.Path = new PathString("/foo");
             httpContext.Request.PathBase = new PathString("/foo");
-            httpContext.Request.QueryString = new QueryString("?foo");
             httpContext.Request.Headers["Connection"] = "keep-alive";
             httpContext.Request.ContentType = "text/plain";
             httpContext.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("test"));
@@ -171,7 +168,6 @@ namespace Microsoft.AspNetCore.HttpLogging
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Scheme: http"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Path: /foo"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("PathBase: /foo"));
-            Assert.Contains(TestSink.Writes, w => w.Message.Contains("QueryString: ?foo"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Connection: keep-alive"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Body: test"));
         }
@@ -203,7 +199,6 @@ namespace Microsoft.AspNetCore.HttpLogging
             httpContext.Request.Scheme = "http";
             httpContext.Request.Path = new PathString("/foo");
             httpContext.Request.PathBase = new PathString("/foo");
-            httpContext.Request.QueryString = new QueryString("?foo");
             httpContext.Request.Headers["Connection"] = "keep-alive";
             httpContext.Request.ContentType = "text/plain";
             httpContext.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("test"));
@@ -214,7 +209,6 @@ namespace Microsoft.AspNetCore.HttpLogging
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Scheme: http"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("Path: /foo"));
             Assert.Contains(TestSink.Writes, w => w.Message.Contains("PathBase: /foo"));
-            Assert.Contains(TestSink.Writes, w => w.Message.Contains("QueryString: ?foo"));
             Assert.DoesNotContain(TestSink.Writes, w => w.Message.Contains("Connection: keep-alive"));
             Assert.DoesNotContain(TestSink.Writes, w => w.Message.Contains("Body: test"));
         }