openfaas / nats-queue-worker

Queue-worker for OpenFaaS with NATS Streaming
https://docs.openfaas.com/reference/async/
MIT License
129 stars 59 forks

Feature request - don't log message contents #107

Closed fasilz closed 3 years ago

fasilz commented 3 years ago

The queue-worker logs all incoming request msg data, and thus could possibly expose data not intended to be logged routinely.

Expected Behaviour

Not log incoming request body unless set on for debugging like https://github.com/openfaas/nats-queue-worker/blob/master/main.go#L76.

Current Behaviour

All incoming request msg are logged here: https://github.com/openfaas/nats-queue-worker/blob/master/main.go#L59

Possible Solution

Guard https://github.com/openfaas/nats-queue-worker/blob/master/main.go#L59 with a debug flag as it has been done at https://github.com/openfaas/nats-queue-worker/blob/master/main.go#L76

    if config.DebugPrintBody {
        log.Printf("[#%d] Received on [%s]: '%s'\n", i, msg.Subject, msg)
    }

alexellis commented 3 years ago

/msg: enduser

derek[bot] commented 3 years ago

Thank you for your interest in OpenFaaS. This project is maintained and made available for hobbyists and commercial users alike, so we need to balance our time across everyone's needs. Whilst we are excited in your interest in using OpenFaaS, we would also ask you to take a look at our contribution guide on Setting expectations, support and SLAs.

Commercial users can purchase support in order to get dedicated help from OpenFaaS Ltd, or they can book ad-hoc consulting hours to get an engineer to dedicate time to helping them.

If that is not a good fit for you at this time, please check out the OpenFaaS GitHub Sponsors options which are priced for practitioners like yourself. Organisations can also sponsor through their GitHub billing relationship.

When you become a sponsor as an individual, it will show this on your issues and PRs, so that the community can see that you are supporting our work, and can prioritise your needs.

If you are receiving this message after having received hands-on support from the OpenFaaS community, please join GitHub Sponsors to say thank you for our time.

Thank you for supporting OpenFaaS.

alexellis commented 3 years ago

/set title: Feature request - don't log message contents

fasilz commented 3 years ago

Raised a PR to address this by redacting message content on logging : https://github.com/openfaas/nats-queue-worker/pull/108
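One way to keep message bodies out of routine logs, as discussed in this thread. This is an added example, not the code from the linked PR or from the project: the `Config` struct, `formatReceived`, `maxDebugBody` and the sample subject and body are assumptions made for illustration. By default only the body length is logged; with the debug flag on, the body is quoted (so embedded newlines cannot forge extra log lines) and truncated.

```go
package main

import (
	"fmt"
	"log"
)

// Config is a hypothetical stand-in for the worker's configuration;
// only the DebugPrintBody flag name comes from the issue.
type Config struct {
	DebugPrintBody bool
}

// maxDebugBody caps how much of a body is written even in debug mode
// (assumed value, chosen for this example).
const maxDebugBody = 256

// formatReceived builds the log line for one incoming queue message.
// Default: subject and body length only, never the body itself.
// Debug: body is %q-quoted, so control characters such as '\n' are
// escaped, and it is cut off after maxDebugBody bytes.
func formatReceived(cfg Config, seq int, subject string, body []byte) string {
	if !cfg.DebugPrintBody {
		return fmt.Sprintf("[#%d] Received on [%s]: body redacted (%d bytes)",
			seq, subject, len(body))
	}
	shown, suffix := body, ""
	if len(shown) > maxDebugBody {
		shown = shown[:maxDebugBody]
		suffix = fmt.Sprintf(" ... (%d bytes total)", len(body))
	}
	return fmt.Sprintf("[#%d] Received on [%s]: %q%s", seq, subject, shown, suffix)
}

func main() {
	// Constructed sample: a body carrying a secret and an embedded newline.
	body := []byte("{\"token\":\"s3cr3t\"}\nforged log line")

	log.Println(formatReceived(Config{}, 1, "example-subject", body))
	log.Println(formatReceived(Config{DebugPrintBody: true}, 1, "example-subject", body))
}
```

Even with the flag off, the length of a body is still recorded, so treat the debug flag as something to enable only temporarily on systems that handle sensitive payloads.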

alexellis commented 3 years ago

Thanks for your interest in the open source code.

If you're using OpenFaaS commercially, then do ask your manager about becoming a GitHub Sponsor or buying OpenFaaS PRO.

alexellis commented 3 years ago

This change is likely to go into OpenFaaS PRO, feel free to ask us about a license for your company: https://www.openfaas.com/support