Mask passwords in utils.trace for func params

The utils.trace helper is logging the args list to
the decorated function but is not masking passwords
in those args. This change adds a call to mask passwords
in the function args list.

Change-Id: I79480c6f9c3e3a9a917854139461650780e6e8b4
Closes-Bug: #1640251
This commit is contained in:
Matt Riedemann 2016-11-08 12:55:46 -05:00
parent aa2779337c
commit 7af307bbe0
2 changed files with 29 additions and 1 deletions

View File

@ -269,3 +269,26 @@ class LogTracingTestCase(base.TestCase):
self.assertEqual(2, mock_log.debug.call_count)
self.assertIn("'adminPass': '***'",
str(mock_log.debug.call_args_list[1]))
def test_utils_trace_method_with_password_in_formal_params(self):
mock_logging = self.mock_object(utils, 'logging')
mock_log = mock.Mock()
mock_log.isEnabledFor = lambda x: True
mock_logging.getLogger = mock.Mock(return_value=mock_log)
@utils.trace
def _trace_test_method(*args, **kwargs):
self.assertEqual('verybadpass',
kwargs['connection']['data']['auth_password'])
pass
connector_properties = {
'data': {
'auth_password': 'verybadpass'
}
}
_trace_test_method(self, connection=connector_properties)
self.assertEqual(2, mock_log.debug.call_count)
self.assertIn("'auth_password': '***'",
str(mock_log.debug.call_args_list[0]))

View File

@ -138,7 +138,12 @@ def trace(f):
all_args = inspect.getcallargs(f, *args, **kwargs)
logger.debug('==> %(func)s: call %(all_args)r',
{'func': func_name, 'all_args': all_args})
{'func': func_name,
# NOTE(mriedem): We have to stringify the dict first
# and don't use mask_dict_password because it results in
# an infinite recursion failure.
'all_args': strutils.mask_password(
six.text_type(all_args))})
start_time = time.time() * 1000
try: