Browse Source

Mask passwords in utils.trace for func params

The utils.trace helper is logging the args list to
the decorated function but is not masking passwords
in those args. This change adds a call to mask passwords
in the function args list.

Change-Id: I79480c6f9c3e3a9a917854139461650780e6e8b4
Closes-Bug: #1640251
changes/99/395099/1
Matt Riedemann 5 years ago
parent
commit
7af307bbe0
  1. 23
      os_brick/tests/test_utils.py
  2. 7
      os_brick/utils.py

23
os_brick/tests/test_utils.py

@ -269,3 +269,26 @@ class LogTracingTestCase(base.TestCase):
self.assertEqual(2, mock_log.debug.call_count)
self.assertIn("'adminPass': '***'",
str(mock_log.debug.call_args_list[1]))
def test_utils_trace_method_with_password_in_formal_params(self):
mock_logging = self.mock_object(utils, 'logging')
mock_log = mock.Mock()
mock_log.isEnabledFor = lambda x: True
mock_logging.getLogger = mock.Mock(return_value=mock_log)
@utils.trace
def _trace_test_method(*args, **kwargs):
self.assertEqual('verybadpass',
kwargs['connection']['data']['auth_password'])
pass
connector_properties = {
'data': {
'auth_password': 'verybadpass'
}
}
_trace_test_method(self, connection=connector_properties)
self.assertEqual(2, mock_log.debug.call_count)
self.assertIn("'auth_password': '***'",
str(mock_log.debug.call_args_list[0]))

7
os_brick/utils.py

@ -138,7 +138,12 @@ def trace(f):
all_args = inspect.getcallargs(f, *args, **kwargs)
logger.debug('==> %(func)s: call %(all_args)r',
{'func': func_name, 'all_args': all_args})
{'func': func_name,
# NOTE(mriedem): We have to stringify the dict first
# and don't use mask_dict_password because it results in
# an infinite recursion failure.
'all_args': strutils.mask_password(
six.text_type(all_args))})
start_time = time.time() * 1000
try:

Loading…
Cancel
Save