diff --git a/server/src/main/java/com/cloud/api/ApiServer.java b/server/src/main/java/com/cloud/api/ApiServer.java
index 5e962cdb382..85d58ec0d53 100644
--- a/server/src/main/java/com/cloud/api/ApiServer.java
+++ b/server/src/main/java/com/cloud/api/ApiServer.java
@@ -39,6 +39,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Arrays;
 import java.util.Map;
 import java.util.Set;
 import java.util.TimeZone;
@@ -244,6 +245,12 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
 @Inject
 private MessageBus messageBus;
 
+ private static final Set sensitiveFields = new HashSet<>(Arrays.asList(
+ "password", "secretkey", "apikey", "token",
+ "sessionkey", "accesskey", "signature",
+ "authorization", "credential", "secret"
+ ));
+
 private static final ConfigKey IntegrationAPIPort = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED
 , Integer.class
 , "integration.api.port"
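Review bot: `sensitiveFields` decides which request parameters are masked in the trace dump, but its declaration has no comment saying that the entries are lower-case substrings matched against the parameter name, which is how the loop later in this commit uses it (`anyMatch(lowerKeyStr::contains)`). A comment such as `// Lower-case substrings; a request parameter whose name contains one of these is masked in trace logs.` would keep future additions consistent. The set is also a mutable `HashSet` behind a `static final` field named in lowerCamelCase; wrapping it in `Collections.unmodifiableSet(...)` (if `java.util.Collections` is in scope, the import block is only partly visible) and naming it `SENSITIVE_FIELDS` would make it read as a constant. The declaration shows as a raw `Set` here, which may only be the page rendering dropping `<String>`.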
@@ -610,10 +617,23 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
 logger.error("invalid request, no command sent");
 if (logger.isTraceEnabled()) {
 logger.trace("dumping request parameters");
- for (final Object key : params.keySet()) {
- final String keyStr = (String)key;
- final String[] value = (String[])params.get(key);
- logger.trace(" key: " + keyStr + ", value: " + ((value == null) ? "'null'" : value[0]));
+
+ for (final Object key : params.keySet()) {
+ final String keyStr = (String) key;
+ final String[] value = (String[]) params.get(key);
+
+ String lowerKeyStr = keyStr.toLowerCase();
+ boolean isSensitive = sensitiveFields.stream()
+ .anyMatch(lowerKeyStr::contains);
+
+ String logValue;
+ if (isSensitive) {
+ logValue = "******"; // mask sensitive values
+ } else {
+ logValue = (value == null) ? "'null'" : value[0];
+ }
+
+ logger.trace(" key: " + keyStr + ", value: " + logValue);
 }
 }
 throw new ServerApiException(ApiErrorCode.UNSUPPORTED_ACTION_ERROR, "Invalid request, no command sent");
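Review bot: `keyStr.toLowerCase()` in the added loop uses the JVM default locale, so on a server running under a locale with special casing rules (Turkish, for example) a parameter sent as `APIKEY` or `SIGNATURE` lowers to a string with a dotless i, fails the `contains` check and has its value written to the trace log unmasked. The line should be `String lowerKeyStr = keyStr.toLowerCase(Locale.ROOT);`, which needs `java.util.Locale` if it is not already imported (the import block is only partly visible in this diff). The mask is also a name-based denylist, so a credential-bearing parameter whose name contains none of the ten substrings is still logged in full; a comment at the loop stating that limit would help whoever adds new API parameters. The unmasked branch keeps the old `value[0]`, which would throw on an empty array. The enclosing method starts and ends outside the hunk.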