Browse Source

safe_log Sanitize Passwords in List of Dicts

sanitizes password fields found in lists of dicts for messages
before logging.

Change-Id: Ic3c3f7d43570fe99411a3f6bf9ef70de44104c53
Closes-Bug: #1268459
changes/60/66260/2
amcrn 8 years ago
parent
commit
22e971ac11
  1. 4
      openstack/common/rpc/common.py
  2. 11
      tests/unit/rpc/test_common.py

4
openstack/common/rpc/common.py

@ -269,6 +269,10 @@ def _safe_log(log_func, msg, msg_data):
d[k] = '<SANITIZED>'
elif k.lower() in SANITIZE:
d[k] = '<SANITIZED>'
elif isinstance(d[k], list):
for e in d[k]:
if isinstance(e, dict):
_fix_passwords(e)
elif isinstance(d[k], dict):
_fix_passwords(d[k])
return d

11
tests/unit/rpc/test_common.py

@ -367,6 +367,17 @@ class RpcCommonTestCase(test.BaseTestCase):
'dest_cell_name': 'cell!0001'}}
rpc_common._safe_log(logger_method, 'foo', data)
def test_safe_log_sanitizes_any_password_in_list_of_dicts(self):
def logger_method(msg, data):
self.assertEqual('<SANITIZED>', data['users'][0]['_password'])
self.assertEqual('<SANITIZED>', data['users'][1]['_password'])
users = [{'_host': '%', '_password': 'passw0rd', '_name': 'mydb'},
{'_host': '%', '_password': 'secret', '_name': 'newdb'}]
data = {'_request_id': 'req-44adf4ac-12bb-44c5-be3d-da2cc73b2e05',
'users': users}
rpc_common._safe_log(logger_method, 'foo', data)
def test_version_is_compatible_same(self):
self.assertTrue(rpc_common.version_is_compatible('1.23', '1.23'))

Loading…
Cancel
Save