Redact more sensitive http headers.

[ggreer]

Summary by CodeRabbit

• Bug Fixes
  • Improved redaction of sensitive headers in HTTP requests to better protect sensitive information. Enhanced detection logic now covers additional header types, including Custom-Api-Key, ensuring consistent masking of sensitive data.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR refactors the sensitive header detection mechanism in pkg/uhttp/wrapper.go from explicit prefix and case-specific checks to a list-based substring matching approach using a sensitiveStrings map. Test coverage is updated to include an additional sensitive header case. Redaction behavior remains unchanged.

Changes

Cohort / File(s)	Summary
Sensitive header detection refactoring pkg/uhttp/wrapper.go	Replaced hard-coded header name checks (HasPrefix, explicit switch cases for auth/cookie/token headers) with a loop-based approach iterating over sensitiveStrings list using strings.Contains for determining sensitivity. Redaction behavior unchanged.
Test updates pkg/uhttp/wrapper_test.go	Added test coverage for Custom-Api-Key as a sensitive header, updating both input headers map and expected redacted output.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Key focus areas:
  • Verify that all previously detected sensitive headers are included in the new sensitiveStrings list
  • Confirm substring matching behavior with strings.Contains covers all prior prefix-based checks (e.g., "auth", "cookie", "token")
  • Ensure test addition properly validates the new detection mechanism

Possibly related PRs

• Add RedactSensitiveHeaders function. #559: Concurrent modification of the same RedactSensitiveHeaders implementation in pkg/uhttp/wrapper.go with related test updates.

Suggested reviewers

• gontzess
• btipling
• kans

Poem

🐰 A hop through headers, old and new,
Sensitive strings in a list so true,
No more explicit checks to maintain,
Substring matching—simpler, plain!
Redaction flows just as before,
A cleaner codebase we explore. 🌿

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: refactoring header redaction logic to handle more sensitive HTTP headers by using a substring-based approach instead of explicit checks.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ggreer/redact-more-headers

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

pkg/uhttp/wrapper.go (1)

497-501: Clean implementation of the substring-based detection.

The loop correctly checks if any header key contains sensitive substrings. The approach is straightforward and maintainable.

Optional: Consider using a map for micro-optimization

If the list of sensitive strings grows significantly in the future, you could convert the slice to a map for O(1) lookup, though with only 7 items the current approach is perfectly fine:

var sensitiveStrings = map[string]bool{
    "api-key": true,
    "auth": true,
    // ...
}

// Then in the loop:
for sensitiveString := range sensitiveStrings {
    if strings.Contains(headerKey, sensitiveString) {
        sensitive = true
        break
    }
}

This is purely optional and not necessary at the current scale.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d4853ab and fe3b80d.

📒 Files selected for processing (2)

• pkg/uhttp/wrapper.go (2 hunks)
• pkg/uhttp/wrapper_test.go (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: go-test (1.25.2, windows-latest)

🔇 Additional comments (2)

pkg/uhttp/wrapper.go (1)

479-487: Excellent refactoring with improved security coverage.

The centralized sensitiveStrings list is much more maintainable than scattered explicit checks. The addition of x-forwarded-for and x-forwarded-proto is particularly good for privacy, as these can leak client IP addresses and routing information.

Note that using substring matching (via Contains below) is intentionally broader than prefix matching—for example, headers like "Authentication-Info" or "Custom-Api-Key" will now be redacted, which aligns well with the PR's goal of redacting more sensitive headers.

pkg/uhttp/wrapper_test.go (1)

532-532: Good test coverage for the new substring matching behavior.

Adding "Custom-Api-Key" to the test suite effectively validates that the substring-based detection works for headers that aren't explicitly listed but contain sensitive patterns. This demonstrates the improved flexibility of the new approach.

Also applies to: 544-544