Hide token id in logs

Until this time it was possible to get token id directly from logs. SecurityImpact Closes-Bug: #1503065 Change-Id: Iaaf06268bba8f437a0cd46c7393e1024d542888a
2015-10-06 14:37:36 +03:00 · 2015-10-06 14:37:36 +03:00 · d87a6656ba
parent 393cc984fe
commit d87a6656ba
1 changed files with 13 additions and 2 deletions
--- a/muranoclient/common/http.py
+++ b/muranoclient/common/http.py
@ -14,6 +14,7 @@
 #    under the License.

 import copy
+import hashlib
 import os
 import socket

@ -79,12 +80,22 @@ class HTTPClient(object):
            else:
                self.verify_cert = kwargs.get('cacert', get_system_ca_file())

+    def _safe_header(self, name, value):
+        if name in ['X-Auth-Token', 'X-Subject-Token']:
+            # because in python3 byte string handling is ... ug
+            v = value.encode('utf-8')
+            h = hashlib.sha1(v)
+            d = h.hexdigest()
+            return encodeutils.safe_decode(name), "{SHA1}%s" % d
+        else:
+            return (encodeutils.safe_decode(name),
+                    encodeutils.safe_decode(value))
+
    def log_curl_request(self, method, url, kwargs):
        curl = ['curl -i -X %s' % method]

        for (key, value) in kwargs['headers'].items():
-            header = '-H \'%s: %s\'' % (encodeutils.safe_decode(key),
-                                        encodeutils.safe_decode(value))
+            header = '-H \'%s: %s\'' % self._safe_header(key, value)
            curl.append(header)

        conn_params_fmt = [