mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2025-04-28 15:02:29 +00:00
Censor private key values in the HTTP log, too.
This commit is contained in:
parent
47ec418f7a
commit
c856f1aa29
@ -202,6 +202,16 @@ class TahoeLAFSSiteTests(SyncTestCase):
|
||||
),
|
||||
)
|
||||
|
||||
def test_private_key_censoring(self):
|
||||
"""
|
||||
The log event for a request including a **private-key** query
|
||||
argument has the private key value censored.
|
||||
"""
|
||||
self._test_censoring(
|
||||
b"/uri?uri=URI:CHK:aaa:bbb&private-key=AAAAaaaabbbb==",
|
||||
b"/uri?uri=[CENSORED]&private-key=[CENSORED]",
|
||||
)
|
||||
|
||||
def test_uri_censoring(self):
|
||||
"""
|
||||
The log event for a request for **/uri/<CAP>** has the capability value
|
||||
|
@ -1,18 +1,12 @@
|
||||
"""
|
||||
Ported to Python 3.
|
||||
General web server-related utilities.
|
||||
"""
|
||||
from __future__ import absolute_import
|
||||
from __future__ import division
|
||||
from __future__ import print_function
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from future.utils import PY2
|
||||
if PY2:
|
||||
from future.builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, str, max, min # noqa: F401
|
||||
from __future__ import annotations
|
||||
|
||||
from six import ensure_str
|
||||
|
||||
import re, time, tempfile
|
||||
from urllib.parse import parse_qsl, urlencode
|
||||
|
||||
from cgi import (
|
||||
FieldStorage,
|
||||
@ -45,9 +39,6 @@ from .web.storage_plugins import (
|
||||
)
|
||||
|
||||
|
||||
if PY2:
|
||||
FileUploadFieldStorage = FieldStorage
|
||||
else:
|
||||
class FileUploadFieldStorage(FieldStorage):
|
||||
"""
|
||||
Do terrible things to ensure files are still bytes.
|
||||
@ -180,12 +171,7 @@ def _logFormatter(logDateTime, request):
|
||||
queryargs = b""
|
||||
else:
|
||||
path, queryargs = x
|
||||
# there is a form handler which redirects POST /uri?uri=FOO into
|
||||
# GET /uri/FOO so folks can paste in non-HTTP-prefixed uris. Make
|
||||
# sure we censor these too.
|
||||
if queryargs.startswith(b"uri="):
|
||||
queryargs = b"uri=[CENSORED]"
|
||||
queryargs = b"?" + queryargs
|
||||
queryargs = b"?" + censor(queryargs)
|
||||
if path.startswith(b"/uri/"):
|
||||
path = b"/uri/[CENSORED]"
|
||||
elif path.startswith(b"/file/"):
|
||||
@ -207,6 +193,30 @@ def _logFormatter(logDateTime, request):
|
||||
)
|
||||
|
||||
|
||||
def censor(queryargs: bytes) -> bytes:
|
||||
"""
|
||||
Replace potentially sensitive values in query arguments with a
|
||||
constant string.
|
||||
"""
|
||||
args = parse_qsl(queryargs.decode("ascii"), keep_blank_values=True, encoding="utf8")
|
||||
result = []
|
||||
for k, v in args:
|
||||
if k == "uri":
|
||||
# there is a form handler which redirects POST /uri?uri=FOO into
|
||||
# GET /uri/FOO so folks can paste in non-HTTP-prefixed uris. Make
|
||||
# sure we censor these.
|
||||
v = "[CENSORED]"
|
||||
elif k == "private-key":
|
||||
# Likewise, sometimes a private key is supplied with mutable
|
||||
# creation.
|
||||
v = "[CENSORED]"
|
||||
|
||||
result.append((k, v))
|
||||
|
||||
# Customize safe to try to leave our markers intact.
|
||||
return urlencode(result, safe="[]").encode("ascii")
|
||||
|
||||
|
||||
class TahoeLAFSSite(Site, object):
|
||||
"""
|
||||
The HTTP protocol factory used by Tahoe-LAFS.
|
||||
|
Loading…
x
Reference in New Issue
Block a user