From 5ba4227c1e5899b84a69e9f1fadb86d9d7c7bc63 Mon Sep 17 00:00:00 2001
From: Pekka Helenius
Date: Mon, 12 Oct 2020 12:02:55 +0300
Subject: [PATCH] Prevent CSRF token leaks in server logs

Signed-off-by: Pekka Helenius
---
 .../com/fjordtek/bookstore/service/HttpServerLogger.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java b/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java
index 0257701..6597c13 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/service/HttpServerLogger.java
@@ -43,6 +43,12 @@ public class HttpServerLogger {
 while (requestParamNames.hasMoreElements()) {
 String paramName = requestParamNames.nextElement().toString();
+
+ /*
+ * Do not log CSRF tokens
+ */
+ if (paramName.contains("csrf")) continue;
+
 String[] paramValues = request.getParameterValues(paramName);
 requestParams.add(