fix: Logging sensitive data headers (#313)

rafalniski · web-flow · commit df25d0957a90 · 2025-02-19T09:56:36.000+01:00
* Avoid loggging headers in the request

* [maven-release-plugin] prepare release java-sdk-10.5.20

* [maven-release-plugin] prepare for next development iteration

* Update README.md
diff --git a/README.md b/README.md
@@ -76,14 +76,14 @@ Install the Contentful dependency:
 <dependency>
   <groupId>com.contentful.java</groupId>
   <artifactId>java-sdk</artifactId>
-  <version>10.5.18</version>
+  <version>10.5.20</version>
 </dependency>
 ```
 
 * _Gradle_
 
 ```groovy
-compile 'com.contentful.java:java-sdk:10.5.18'
+compile 'com.contentful.java:java-sdk:10.5.20'
 ```
 
 This library requires Java 8 (or higher version) or Android 21.
diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
 
   <groupId>com.contentful.java</groupId>
   <artifactId>java-sdk</artifactId>
-  <version>10.5.20-SNAPSHOT</version>
+  <version>10.5.21-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>${project.groupId}:${project.artifactId}</name>
diff --git a/src/main/java/com/contentful/java/cda/CDAHttpException.java b/src/main/java/com/contentful/java/cda/CDAHttpException.java
@@ -10,8 +10,6 @@
 import java.util.Locale;
 import java.util.concurrent.TimeUnit;
 
-import static java.lang.String.format;
-
 /**
  * This class will represent known Contentful exceptions
  */
@@ -55,14 +53,31 @@ private String readResponseBody(Response response) {
   }
 
   private String createString() {
-    return format(
-        Locale.getDefault(),
-        "FAILED REQUEST:\n\t%s\n\t╰→ Header{%s}\n\t%s\n\t├→ Body{%s}\n\t╰→ Header{%s}",
-        request.toString(),
-        headersToString(request.headers()),
-        response.toString(),
-        responseBody,
-        headersToString(response.headers()));
+    return String.format(
+            Locale.getDefault(),
+            "FAILED REQUEST:\n\t%s\n\t╰→ Header{%s}\n\t%s\n\t├→ Body{%s}\n\t╰→ Header{%s}",
+            toStringRequest(request),                  // Safe request string
+            headersToString(request.headers()),        // Already respects logSensitiveData
+            toStringResponse(response),                // Safe response string
+            responseBody,
+            headersToString(response.headers())        // Already respects logSensitiveData
+    );
+  }
+
+  private String toStringRequest(Request request) {
+    if (logSensitiveData) {
+      return request.toString();
+    } else {
+      return request.method() + " " + request.url();
+    }
+  }
+
+  private String toStringResponse(Response response) {
+    if (logSensitiveData) {
+      return response.toString();
+    } else {
+      return "HTTP " + response.code() + " " + response.message();
+    }
   }
 
   /**
