MCPcopy
hub / github.com/dgraph-io/dgraph / checkRequestBody

Function checkRequestBody

audit/interceptor.go:324–348  ·  view source on GitHub ↗
(reqType string, path string, body string)

Source from the content-addressed store, hash-verified

322}
323
324func checkRequestBody(reqType string, path string, body string) string {
325 switch reqType {
326 case Grpc:
327 if skipReqBodyGrpc[path] {
328 regex, err := regexp.Compile(
329 `password[\s]?(.*?)[\s]?:[\s]?(.*?)[\s]?"[\s]?(.*?)[\s]?"`)
330 if err != nil {
331 return body
332 }
333 body = regex.ReplaceAllString(body, "*******")
334 }
335 case Http:
336 if path == "/admin" {
337 return maskPasswordFieldsInGQL(body)
338 } else if path == "/grapqhl" {
339 regex, err := regexp.Compile(
340 `check[\s]?(.*?)[\s]?Password[\s]?(.*?)[\s]?:[\s]?(.*?)[\s]?"[\s]?(.*?)[\s]?"`)
341 if err != nil {
342 return body
343 }
344 body = regex.ReplaceAllString(body, "*******")
345 }
346 }
347 return body
348}
349
350func getRequestBody(r *http.Request) []byte {
351 var in io.Reader = r.Body

Callers 2

auditGrpcFunction · 0.85
auditHttpFunction · 0.85

Calls 1

maskPasswordFieldsInGQLFunction · 0.85

Tested by

no test coverage detected