From 85d7526219655ff9d9a28cf618ab24555cacc5d0 Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan
Date: Tue, 19 Jul 2016 15:33:49 +0800
Subject: [PATCH] FIX: Sanitize sensitive parameters in nginx log report.
---
 .../script/nginx_analyze.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/plugins/discourse-nginx-performance-report/script/nginx_analyze.rb b/plugins/discourse-nginx-performance-report/script/nginx_analyze.rb
index c30045ee487..538cfc7bba6 100644
--- a/plugins/discourse-nginx-performance-report/script/nginx_analyze.rb
+++ b/plugins/discourse-nginx-performance-report/script/nginx_analyze.rb
@@ -33,6 +33,8 @@ class LogAnalyzer
 result.route += " (PUT)"
 end
 
+ result.url = self.sanitize_url(result.url)
+
 result
 end
 
@@ -43,6 +45,12 @@ class LogAnalyzer
 def parsed_timge
 DateTime.strptime(time, TIME_FORMAT) if time
 end
+
+ private
+
+ def self.sanitize_url(url)
+ url.gsub(/(api_key|api_user)=(\w+)/, '\1=[FILTERED]')
+ end
 end
 
 attr_reader :total_requests, :message_bus_requests, :filenames,
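Review bot: `result.url` is handed to `sanitize_url` unconditionally, and that helper calls `gsub` on its argument, so a log line that yields no URL would raise NoMethodError here rather than being skipped. `parsed_timge` in the second hunk guards with `if time`, which suggests parsed fields can be nil, though the code that fills `result` is outside this hunk and should be checked. A guard such as `result.url = sanitize_url(result.url) if result.url` keeps the report running on malformed lines. Only the report output is redacted by this change; the nginx access log on disk still holds the original query strings, so its permissions and retention still need to be treated as credential-bearing.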
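Review bot: The pattern `(api_key|api_user)=(\w+)` stops at the first non-word character, so a value containing `.`, `-` or percent-encoding is only partly replaced and its tail stays in the report; it also requires `=` directly after `api_user`, so a parameter spelled `api_username` (if that is what clients send) is not matched at all. Matching up to the next separator is safer: `url.gsub(/(api_key|api_username|api_user)=[^&\s]+/, '\1=[FILTERED]')`. Separately, the bare `private` has no effect on `def self.sanitize_url`, which stays public; `private_class_method :sanitize_url` after the definition is the form that works, with the call site then written without the explicit `self.` receiver on Ruby versions before 2.7. The enclosing class starts outside the hunk.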