ExternalVendorCode/tahoe-lafs
1
0
Fork 0
mirror of https://github.com/tahoe-lafs/tahoe-lafs.git synced 2025-04-27 06:20:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Censor private key values in the HTTP log, too.

Browse Source
This commit is contained in:
Jean-Paul Calderone 2023-01-12 16:16:55 -05:00
parent 47ec418f7a
commit c856f1aa29
2 changed files with 64 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/allmydata/test/web/test_webish.py
View File

@ -202,6 +202,16 @@ class TahoeLAFSSiteTests(SyncTestCase):
), ),
) )
def test_private_key_censoring(self):
"""
The log event for a request including a **private-key** query
argument has the private key value censored.
"""
self._test_censoring(
b"/uri?uri=URI:CHK:aaa:bbb&private-key=AAAAaaaabbbb==",
b"/uri?uri=[CENSORED]&private-key=[CENSORED]",
)
def test_uri_censoring(self): def test_uri_censoring(self):
""" """
The log event for a request for **/uri/<CAP>** has the capability value The log event for a request for **/uri/<CAP>** has the capability value

48
src/allmydata/webish.py
View File

@ -1,18 +1,12 @@
""" """
Ported to Python 3. General web server-related utilities.
""" """
from __future__ import absolute_import from __future__ import annotations
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from future.utils import PY2
if PY2:
from future.builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, str, max, min # noqa: F401
from six import ensure_str from six import ensure_str
import re, time, tempfile import re, time, tempfile
from urllib.parse import parse_qsl, urlencode
from cgi import ( from cgi import (
FieldStorage, FieldStorage,
@ -45,10 +39,7 @@ from .web.storage_plugins import (
) )
if PY2: class FileUploadFieldStorage(FieldStorage):
FileUploadFieldStorage = FieldStorage
else:
class FileUploadFieldStorage(FieldStorage):
""" """
Do terrible things to ensure files are still bytes. Do terrible things to ensure files are still bytes.
@ -180,12 +171,7 @@ def _logFormatter(logDateTime, request):
queryargs = b"" queryargs = b""
else: else:
path, queryargs = x path, queryargs = x
# there is a form handler which redirects POST /uri?uri=FOO into queryargs = b"?" + censor(queryargs)
# GET /uri/FOO so folks can paste in non-HTTP-prefixed uris. Make
# sure we censor these too.
if queryargs.startswith(b"uri="):
queryargs = b"uri=[CENSORED]"
queryargs = b"?" + queryargs
if path.startswith(b"/uri/"): if path.startswith(b"/uri/"):
path = b"/uri/[CENSORED]" path = b"/uri/[CENSORED]"
elif path.startswith(b"/file/"): elif path.startswith(b"/file/"):
@ -207,6 +193,30 @@ def _logFormatter(logDateTime, request):
) )
def censor(queryargs: bytes) -> bytes:
"""
Replace potentially sensitive values in query arguments with a
constant string.
"""
args = parse_qsl(queryargs.decode("ascii"), keep_blank_values=True, encoding="utf8")
result = []
for k, v in args:
if k == "uri":
# there is a form handler which redirects POST /uri?uri=FOO into
# GET /uri/FOO so folks can paste in non-HTTP-prefixed uris. Make
# sure we censor these.
v = "[CENSORED]"
elif k == "private-key":
# Likewise, sometimes a private key is supplied with mutable
# creation.
v = "[CENSORED]"
result.append((k, v))
# Customize safe to try to leave our markers intact.
return urlencode(result, safe="[]").encode("ascii")
class TahoeLAFSSite(Site, object): class TahoeLAFSSite(Site, object):
""" """
The HTTP protocol factory used by Tahoe-LAFS. The HTTP protocol factory used by Tahoe-LAFS.