This is an automated email from the ASF dual-hosted git repository.
AlinsRan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 4cd2dc2ac fix: remove credential-leaking debug logs in logger plugins
(#13502)
4cd2dc2ac is described below
commit 4cd2dc2ac156f8c1c275be3dc77403bbe55d4022
Author: AlinsRan <[email protected]>
AuthorDate: Fri Jun 12 08:08:21 2026 +0800
fix: remove credential-leaking debug logs in logger plugins (#13502)
---
apisix/plugins/elasticsearch-logger.lua | 2 --
apisix/plugins/kafka-logger.lua | 2 --
apisix/plugins/rocketmq-logger.lua | 1 -
apisix/plugins/sls-logger.lua | 1 -
apisix/plugins/syslog/init.lua | 2 --
t/plugin/ai-proxy-kafka-log.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/elasticsearch-logger.t | 22 ++++++++++++++++++++
t/plugin/elasticsearch-logger2.t | 22 ++++++++++++++++++++
t/plugin/kafka-logger-large-body.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/kafka-logger-log-format.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/kafka-logger.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/kafka-logger2.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/kafka-logger4.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/rocketmq-logger-log-format.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/rocketmq-logger.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/rocketmq-logger2.t | 35 ++++++++++++++++++++++++++++++++
t/plugin/syslog.t | 36 +++++++++++++++++++++++++++++++++
17 files changed, 395 insertions(+), 8 deletions(-)
diff --git a/apisix/plugins/elasticsearch-logger.lua
b/apisix/plugins/elasticsearch-logger.lua
index af65f2cc1..a53f3c051 100644
--- a/apisix/plugins/elasticsearch-logger.lua
+++ b/apisix/plugins/elasticsearch-logger.lua
@@ -294,8 +294,6 @@ local function send_to_elasticsearch(conf, entries)
end
end
- core.log.info("uri: ", uri, ", body: ", body)
-
httpc:set_timeout(conf.timeout * 1000)
local resp, err = httpc:request_uri(uri, {
ssl_verify = conf.ssl_verify,
diff --git a/apisix/plugins/kafka-logger.lua b/apisix/plugins/kafka-logger.lua
index 0a9dcdf8c..318d21e92 100644
--- a/apisix/plugins/kafka-logger.lua
+++ b/apisix/plugins/kafka-logger.lua
@@ -292,8 +292,6 @@ function _M.log(conf, ctx)
return false, 'error occurred while encoding the data: ' .. err
end
- core.log.info("send data to kafka: ", data)
-
return send_kafka_data(conf, data, prod)
end
diff --git a/apisix/plugins/rocketmq-logger.lua
b/apisix/plugins/rocketmq-logger.lua
index 2618ca1c6..6610fb33e 100644
--- a/apisix/plugins/rocketmq-logger.lua
+++ b/apisix/plugins/rocketmq-logger.lua
@@ -194,7 +194,6 @@ function _M.log(conf, ctx)
return false, 'error occurred while encoding the data: ' .. err
end
- core.log.info("send data to rocketmq: ", data)
return send_rocketmq_data(conf, data, prod)
end
diff --git a/apisix/plugins/sls-logger.lua b/apisix/plugins/sls-logger.lua
index 320198064..c482f51ae 100644
--- a/apisix/plugins/sls-logger.lua
+++ b/apisix/plugins/sls-logger.lua
@@ -111,7 +111,6 @@ local function send_tcp_data(route_conf, log_message)
.. "] err: " .. err
end
- core.log.debug("sls logger send data ", log_message)
ok, err = sock:send(log_message)
if not ok then
res = false
diff --git a/apisix/plugins/syslog/init.lua b/apisix/plugins/syslog/init.lua
index 8a3d90e38..6ca07e7d0 100644
--- a/apisix/plugins/syslog/init.lua
+++ b/apisix/plugins/syslog/init.lua
@@ -88,7 +88,6 @@ function _M.push_entry(conf, ctx, entry)
local rfc5424_data = rfc5424.encode("SYSLOG", "INFO", ctx.var.host,
"apisix", ctx.var.pid, json_str)
- core.log.info("collect_data:" .. rfc5424_data)
if batch_processor_manager:add_entry(conf, rfc5424_data) then
return
end
@@ -99,7 +98,6 @@ function _M.push_entry(conf, ctx, entry)
local items = {}
for _, e in ipairs(entries) do
table_insert(items, e)
- core.log.debug("buffered logs:", e)
end
return send_syslog_data(conf, table_concat(items), cp_ctx)
diff --git a/t/plugin/ai-proxy-kafka-log.t b/t/plugin/ai-proxy-kafka-log.t
index 5a94f6a2d..757bbe178 100644
--- a/t/plugin/ai-proxy-kafka-log.t
+++ b/t/plugin/ai-proxy-kafka-log.t
@@ -31,6 +31,41 @@ add_block_preprocessor(sub {
}
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to kafka: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests();
__DATA__
diff --git a/t/plugin/elasticsearch-logger.t b/t/plugin/elasticsearch-logger.t
index 7b081032a..64953d6a0 100644
--- a/t/plugin/elasticsearch-logger.t
+++ b/t/plugin/elasticsearch-logger.t
@@ -32,6 +32,28 @@ add_block_preprocessor(sub {
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs uri/body; reproduce the observability the
+ # tests rely on by wrapping the HTTP client from a test-only hook. This
+ # wraps whatever request_uri is in place (the real one or a per-block
+ # mock), so it composes with the existing mocks.
+ my $log_wrap = <<_EOC_;
+ do
+ local http = require("resty.http")
+ local core = require("apisix.core")
+ local _orig_request_uri = http.request_uri
+ http.request_uri = function(self, uri, params)
+ core.log.info("uri: ", uri, ", body: ", params and params.body or
"")
+ return _orig_request_uri(self, uri, params)
+ end
+ end
+_EOC_
+ $block->set_value("extra_init_by_lua",
+ ($block->extra_init_by_lua // '') . $log_wrap);
+});
+
run_tests();
__DATA__
diff --git a/t/plugin/elasticsearch-logger2.t b/t/plugin/elasticsearch-logger2.t
index e5b0fc8cb..e28cabe1d 100644
--- a/t/plugin/elasticsearch-logger2.t
+++ b/t/plugin/elasticsearch-logger2.t
@@ -32,6 +32,28 @@ add_block_preprocessor(sub {
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs uri/body; reproduce the observability the
+ # tests rely on by wrapping the HTTP client from a test-only hook. This
+ # wraps whatever request_uri is in place (the real one or a per-block
+ # mock), so it composes with the existing mocks.
+ my $log_wrap = <<_EOC_;
+ do
+ local http = require("resty.http")
+ local core = require("apisix.core")
+ local _orig_request_uri = http.request_uri
+ http.request_uri = function(self, uri, params)
+ core.log.info("uri: ", uri, ", body: ", params and params.body or
"")
+ return _orig_request_uri(self, uri, params)
+ end
+ end
+_EOC_
+ $block->set_value("extra_init_by_lua",
+ ($block->extra_init_by_lua // '') . $log_wrap);
+});
+
run_tests();
__DATA__
diff --git a/t/plugin/kafka-logger-large-body.t
b/t/plugin/kafka-logger-large-body.t
index ab87a9042..29c207e8a 100644
--- a/t/plugin/kafka-logger-large-body.t
+++ b/t/plugin/kafka-logger-large-body.t
@@ -52,6 +52,41 @@ _EOC_
$block->set_value("http_config", $http_config);
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to kafka: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/kafka-logger-log-format.t
b/t/plugin/kafka-logger-log-format.t
index 95321826c..a4ec304e5 100644
--- a/t/plugin/kafka-logger-log-format.t
+++ b/t/plugin/kafka-logger-log-format.t
@@ -21,6 +21,41 @@ repeat_each(1);
no_long_string();
no_root_location();
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to kafka: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/kafka-logger.t b/t/plugin/kafka-logger.t
index 90003e20c..7d8481917 100644
--- a/t/plugin/kafka-logger.t
+++ b/t/plugin/kafka-logger.t
@@ -28,6 +28,41 @@ add_block_preprocessor(sub {
}
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to kafka: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/kafka-logger2.t b/t/plugin/kafka-logger2.t
index 84b6f90cd..c1fccb7eb 100644
--- a/t/plugin/kafka-logger2.t
+++ b/t/plugin/kafka-logger2.t
@@ -28,6 +28,41 @@ add_block_preprocessor(sub {
}
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to kafka: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/kafka-logger4.t b/t/plugin/kafka-logger4.t
index b4d3e456d..95969705d 100644
--- a/t/plugin/kafka-logger4.t
+++ b/t/plugin/kafka-logger4.t
@@ -28,6 +28,41 @@ add_block_preprocessor(sub {
}
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to kafka: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/rocketmq-logger-log-format.t
b/t/plugin/rocketmq-logger-log-format.t
index e7512dbc3..fc9d0753e 100644
--- a/t/plugin/rocketmq-logger-log-format.t
+++ b/t/plugin/rocketmq-logger-log-format.t
@@ -21,6 +21,41 @@ repeat_each(1);
no_long_string();
no_root_location();
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to rocketmq: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/rocketmq-logger.t b/t/plugin/rocketmq-logger.t
index c657b6a13..cfa7ca669 100644
--- a/t/plugin/rocketmq-logger.t
+++ b/t/plugin/rocketmq-logger.t
@@ -28,6 +28,41 @@ add_block_preprocessor(sub {
}
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to rocketmq: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/rocketmq-logger2.t b/t/plugin/rocketmq-logger2.t
index 0a9e298bf..7da7a9236 100644
--- a/t/plugin/rocketmq-logger2.t
+++ b/t/plugin/rocketmq-logger2.t
@@ -28,6 +28,41 @@ add_block_preprocessor(sub {
}
});
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the payload; reproduce the observability the
+ # tests rely on by logging each batch entry from a test-only hook.
+ my $extra_init_by_lua = <<_EOC_;
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_send_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("send data to rocketmq: ", data)
+ end
+ local old_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = old_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+ local old_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry, ctx,
func, max_pending_entries)
+ local ok = old_new(self, conf, entry, ctx, func, max_pending_entries)
+ if ok then
+ log_send_data(entry)
+ end
+ return ok
+ end
+_EOC_
+
+ if (!defined $block->extra_init_by_lua) {
+ $block->set_value("extra_init_by_lua", $extra_init_by_lua);
+ }
+});
+
run_tests;
__DATA__
diff --git a/t/plugin/syslog.t b/t/plugin/syslog.t
index 9dbb03af8..7ce5c1ed8 100644
--- a/t/plugin/syslog.t
+++ b/t/plugin/syslog.t
@@ -20,6 +20,42 @@ repeat_each(1);
no_long_string();
no_root_location();
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ # The plugin no longer logs the rfc5424 payload; reproduce the
+ # observability the tests rely on by logging each batch entry from a
+ # test-only hook.
+ my $log_hook = <<_EOC_;
+ do
+ local bp_manager = require("apisix.utils.batch-processor-manager")
+ local core = require("apisix.core")
+ local function log_collect_data(entry)
+ local data = type(entry) == "table" and core.json.encode(entry) or
entry
+ core.log.info("collect_data:", data)
+ end
+ local _orig_add = bp_manager.add_entry
+ bp_manager.add_entry = function(self, conf, entry, max_pending_entries)
+ local ok = _orig_add(self, conf, entry, max_pending_entries)
+ if ok then
+ log_collect_data(entry)
+ end
+ return ok
+ end
+ local _orig_new = bp_manager.add_entry_to_new_processor
+ bp_manager.add_entry_to_new_processor = function(self, conf, entry,
ctx, func, max_pending_entries)
+ local ok = _orig_new(self, conf, entry, ctx, func,
max_pending_entries)
+ if ok then
+ log_collect_data(entry)
+ end
+ return ok
+ end
+ end
+_EOC_
+ $block->set_value("extra_init_by_lua",
+ ($block->extra_init_by_lua // '') . $log_hook);
+});
+
run_tests;
__DATA__
