feat(okhttp): add redacted headers & parameters to the HTTP instrumentation tests

lemnik · lemnik · commit 241a01418805 · 2025-12-16T09:01:11.000Z
diff --git a/bugsnag-plugin-android-okhttp/src/main/java/com/bugsnag/android/okhttp/EventRequestHelper.kt b/bugsnag-plugin-android-okhttp/src/main/java/com/bugsnag/android/okhttp/EventRequestHelper.kt
@@ -22,11 +22,17 @@ internal fun Event.setHttpInfo(
     )
 
     request?.apply {
-        bodyLength = bodyLengthOf(instrumentedRequest.request)
+        val okReq = instrumentedRequest.request
+        bodyLength = bodyLengthOf(okReq)
         body = instrumentedRequest.reportedRequestBody
-        instrumentedRequest.request.headers.forEach { (name, value) ->
+        okReq.headers.forEach { (name, value) ->
             addHeader(name, value)
         }
+
+        val queryParams = okReq.url.queryParameterNames
+        queryParams.forEach { queryKey ->
+            addQueryParameter(queryKey, okReq.url.queryParameter(queryKey))
+        }
     }
 
     val okResp = instrumentedResponse?.response
diff --git a/features/fixtures/mazerunner/jvm-scenarios/src/main/java/com/bugsnag/android/mazerunner/scenarios/OkHttpInstrumentationScenario.kt b/features/fixtures/mazerunner/jvm-scenarios/src/main/java/com/bugsnag/android/mazerunner/scenarios/OkHttpInstrumentationScenario.kt
@@ -10,6 +10,7 @@ import okhttp3.OkHttpClient
 import okhttp3.Request
 import okhttp3.RequestBody.Companion.toRequestBody
 import org.json.JSONObject
+import java.util.regex.Pattern
 import kotlin.concurrent.thread
 
 private const val MAX_CAPTURE_BYTES = 32L
@@ -30,13 +31,21 @@ class OkHttpInstrumentationScenario(
         .addInterceptor(instrumentation.createInterceptor())
         .build()
 
-    private fun reflectionUrl(status: Int): String {
+    private fun reflectionUrl(status: Int): Uri {
         return Uri.parse(config.endpoints.notify)
             .buildUpon()
             .path("/reflect")
             .appendQueryParameter("status", status.toString())
+            .appendQueryParameter("password", "secret")
             .build()
-            .toString()
+    }
+
+    init {
+        config.redactedKeys = setOf(
+            "Cookie".toPattern(Pattern.LITERAL or Pattern.CASE_INSENSITIVE),
+            "Authorization".toPattern(Pattern.LITERAL or Pattern.CASE_INSENSITIVE),
+            ".*password.*".toPattern(Pattern.CASE_INSENSITIVE)
+        )
     }
 
     private fun requestType(): Pair<String, Int> {
@@ -55,12 +64,16 @@ class OkHttpInstrumentationScenario(
 
             val payload = JSONObject()
             payload.put("padding", "this is a string, and it goes on and on until it stops...here")
-            payload.put("url", reflectionUrl)
+            // we expect the output URL to not have a query string, so we help the scenario feature
+            // out by removing it in the reflection payload (allowing an "equals" match)
+            payload.put("url", reflectionUrl.buildUpon().clearQuery().build())
+            payload.put("status", status)
 
             val body = payload.toString().toRequestBody(JSON)
 
             val requestBuilder = Request.Builder()
-                .url(reflectionUrl)
+                .url(reflectionUrl.toString())
+                .header("Authorization", "Bearer OpenSesame")
                 .method(method, body.takeIf { method != "GET" })
 
             log("Sending request to $reflectionUrl")
diff --git a/features/full_tests/okhttp_instrumentation.feature b/features/full_tests/okhttp_instrumentation.feature
@@ -41,7 +41,9 @@ Feature: Capturing network breadcrumbs
     And the event "request.httpVersion" is not null
     And the event "request.bodyLength" is greater than 64
     And the error payload field "events.0.request.body" equals "{\"padding\":\"this is a string, an"
-    And the error payload field "request.url" equals the stored value "expectedUrl"
+    And the error payload field "events.0.request.url" equals the stored value "expectedUrl"
+    And the error payload field "events.0.request.headers.Authorization" equals "[REDACTED]"
+    And the error payload field "events.0.request.params.password" equals "[REDACTED]"
 
     # Validate response fields
     And the event "response.statusCode" equals 400
@@ -58,12 +60,12 @@ Feature: Capturing network breadcrumbs
     And the exception "message" matches "500: http://.+"
     And the event "context" matches "GET .+"
 
-    And the reflection payload field "url" is stored as the value "expectedUrl"
-
     # Validate request fields
     And the event "request.httpMethod" equals "GET"
     And the event "request.httpVersion" is not null
-    And the error payload field "request.url" equals the stored value "expectedUrl"
+    And the event "request.url" matches "^https?\:\/\/.+"
+    And the error payload field "events.0.request.headers.Authorization" equals "[REDACTED]"
+    And the error payload field "events.0.request.params.password" equals "[REDACTED]"
 
     # Validate response fields
     And the event "response.statusCode" equals 500

Original file line number	Diff line number	Diff line change
`@@ -22,11 +22,17 @@ internal fun Event.setHttpInfo(`
`22`	`22`	`)`
`23`	`23`
`24`	`24`	`request?.apply {`
`25`		`- bodyLength = bodyLengthOf(instrumentedRequest.request)`
	`25`	`+ val okReq = instrumentedRequest.request`
	`26`	`+ bodyLength = bodyLengthOf(okReq)`
`26`	`27`	`body = instrumentedRequest.reportedRequestBody`
`27`		`- instrumentedRequest.request.headers.forEach { (name, value) ->`
	`28`	`+ okReq.headers.forEach { (name, value) ->`
`28`	`29`	`addHeader(name, value)`
`29`	`30`	`}`
	`31`	`+`
	`32`	`+ val queryParams = okReq.url.queryParameterNames`
	`33`	`+ queryParams.forEach { queryKey ->`
	`34`	`+ addQueryParameter(queryKey, okReq.url.queryParameter(queryKey))`
	`35`	`+ }`
`30`	`36`	`}`
`31`	`37`
`32`	`38`	`val okResp = instrumentedResponse?.response`