From ffd9df36c7dd1e9f51a065d05071813e79bb3293 Mon Sep 17 00:00:00 2001
From: Maksim Sitnikov <msitnikov1@yandex-team.ru>
Date: Fri, 2 Feb 2024 18:07:34 +0300
Subject: [PATCH] fix(sensitive-tokens): hide sensitive tokens on 'Request
 starter' log

---
 src/base-middleware.ts | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/base-middleware.ts b/src/base-middleware.ts
index e5b0a86..2496f0a 100644
--- a/src/base-middleware.ts
+++ b/src/base-middleware.ts
@@ -31,20 +31,20 @@ export function setupBaseMiddleware(ctx: AppContext, expressApp: Express) {
 
             req.ctx.setTag('http.hostname', req.hostname);
             req.ctx.setTag('http.method', req.method);
-            req.ctx.setTag('http.url', req.url);
-            req.ctx.setTag('path', req.path);
-            req.ctx.setTag('referer', req.get('referer'));
+            req.ctx.setTag('http.url', ctx.utils.redactSensitiveQueryParams(req.url));
+            req.ctx.setTag('path', ctx.utils.redactSensitiveQueryParams(req.path));
+            req.ctx.setTag('referer', ctx.utils.redactSensitiveQueryParams(req.get('referer')));
             req.ctx.setTag('remote_ip', req.ip);
             req.ctx.setTag('request_id', req.id);
             req.ctx.setTag('user_agent', userAgent);
 
             const requestStartedExtra = ctx.config.appDevMode
-                ? {url: req.url}
+                ? {url: ctx.utils.redactSensitiveQueryParams(req.url)}
                 : {
                       id: req.id,
                       method: req.method,
-                      url: req.url,
-                      headers: ctx.utils.redactSensitiveKeys(req.headers),
+                      url: ctx.utils.redactSensitiveQueryParams(req.url),
+                      headers: ctx.utils.redactSensitiveHeaders(req.headers),
                       remoteAddress: req.connection && req.connection.remoteAddress,
                       remotePort: req.connection && req.connection.remotePort,
                   };