redact sensitive runtime config logging

This commit is contained in:
udo 2026-07-06 08:03:09 +00:00
parent a6cb1c0390
commit 125a24e2f9

View File

@ -1374,6 +1374,18 @@ void chmod_configured_socket(String path, String mode_value, mode_t fallback)
fprintf(stderr, "(!) Could not chmod socket %s to %04o: %s\n", path.c_str(), (unsigned int)mode, strerror(errno));
}
StringMap redacted_server_config_for_log(const StringMap& config)
{
StringMap redacted = config;
for(auto& entry : redacted)
{
String key = to_upper(entry.first);
if(key.find("PASSWORD") != String::npos || key.find("SECRET") != String::npos || key.find("TOKEN") != String::npos)
entry.second = "[redacted]";
}
return(redacted);
}
void init_base_process()
{
printf("(P) Starting parent server PID:%i\n", getpid());
@ -1385,7 +1397,7 @@ void init_base_process()
if(server_state.config["FCGI_PORT"] != "")
server.listen(int_val(server_state.config["FCGI_PORT"]));
printf("%s\n", var_dump(server_state.config).c_str());
printf("%s\n", var_dump(redacted_server_config_for_log(server_state.config)).c_str());
if(server_state.config["FCGI_SOCKET_PATH"] != "")
{