I am doing work in trying to santize the request and response DTO’s that are now being logged and that are also stored by the
It turns out that when an exception is thrown by the code (like an
UnAuthorizedAccessException) the raw request DTO is included in the StackTrace of the response (in DebugMode).
RequestLogsFeature stores multiple requests, and they are stored for review later, we simply cannot have secrets (eg. passwords) in plain view. For operational security (whether Debug or not).
I have been working on sanitising the result that comes back from
DtoUtils.CreateResponseStatus() in our custom
appHost.ServiceExceptionHandler filter, but if I return a sanitised responseStatus from that filter, no exception is thrown. If I return
null from that filter, then the response remains unsanitised (since our code is not used). Ideally, I would return our sanitised version and throw an exception. But that seems like not the way to proceed.
Is there another hook I need could look at to ensure that these raw request DTOs do not reach the
RequestLogs output (or any other place such as log files, where this stuff could be written in the framework? - not confident I could reliably enumerate all of those possibilities)
Ideally I would be providing my own `DtoUtils.CreateResponseStatus()’ method, but it is used all over the place.