openstack
/
os-brick
Code Issues Proposed changes

Mask passwords in utils.trace for func params

Browse Source 
The utils.trace helper is logging the args list to
the decorated function but is not masking passwords
in those args. This change adds a call to mask passwords
in the function args list.

Change-Id: I79480c6f9c3e3a9a917854139461650780e6e8b4
Closes-Bug: #1640251
changes/99/395099/1
Matt Riedemann 6 years ago
parent aa2779337c
commit 7af307bbe0
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File

23
os_brick/tests/test_utils.py
Unescape View File

@ -269,3 +269,26 @@ class LogTracingTestCase(base.TestCase):
self.assertEqual(2, mock_log.debug.call_count)
self.assertIn("'adminPass': '***'",
str(mock_log.debug.call_args_list[1]))
def test_utils_trace_method_with_password_in_formal_params(self):
mock_logging = self.mock_object(utils, 'logging')
mock_log = mock.Mock()
mock_log.isEnabledFor = lambda x: True
mock_logging.getLogger = mock.Mock(return_value=mock_log)
@utils.trace
def _trace_test_method(*args, **kwargs):
self.assertEqual('verybadpass',
kwargs['connection']['data']['auth_password'])
pass
connector_properties = {
'data': {
'auth_password': 'verybadpass'
}
}
_trace_test_method(self, connection=connector_properties)
self.assertEqual(2, mock_log.debug.call_count)
self.assertIn("'auth_password': '***'",
str(mock_log.debug.call_args_list[0]))

7
os_brick/utils.py
Unescape View File

@ -138,7 +138,12 @@ def trace(f):
all_args = inspect.getcallargs(f, *args, **kwargs)
logger.debug('==> %(func)s: call %(all_args)r',
{'func': func_name, 'all_args': all_args})
{'func': func_name,
# NOTE(mriedem): We have to stringify the dict first
# and don't use mask_dict_password because it results in
# an infinite recursion failure.
'all_args': strutils.mask_password(
six.text_type(all_args))})
start_time = time.time() * 1000
try:

Write Preview
Loading…
Cancel
Save