Browse Source

safe_log Sanitize Passwords in List of Dicts

Sanitizes password fields found in lists of dicts for messages
before logging.

This change uses oslo.utils.strutils.mask_password to do it.

Change-Id: I7cd1e53e2ced7ebf9c5942b7a0dbbeb991acab4d
Closes-Bug: #1268459
changes/59/123759/14
Mehdi Abaakouk 7 years ago
parent
commit
56a9c55a3f
  1. 18
      oslo/messaging/_drivers/common.py

18
oslo/messaging/_drivers/common.py

@ -27,6 +27,7 @@ from oslo import messaging
from oslo.messaging._i18n import _
from oslo.messaging import _utils as utils
from oslo.serialization import jsonutils
from oslo.utils import strutils
LOG = logging.getLogger(__name__)
@ -70,8 +71,6 @@ _MESSAGE_KEY = 'oslo.message'
_REMOTE_POSTFIX = '_Remote'
_SANITIZE = ['_context_auth_token', 'auth_token', 'new_pass']
class RPCException(Exception):
msg_fmt = _("An unknown RPC related exception occurred.")
@ -162,22 +161,9 @@ class Connection(object):
raise NotImplementedError()
def _fix_passwords(d):
"""Sanitizes the password fields in the dictionary."""
for k in six.iterkeys(d):
if k.lower().find('password') != -1:
d[k] = '<SANITIZED>'
elif k.lower() in _SANITIZE:
d[k] = '<SANITIZED>'
elif isinstance(d[k], dict):
_fix_passwords(d[k])
return d
def _safe_log(log_func, msg, msg_data):
"""Sanitizes the msg_data field before logging."""
return log_func(msg, _fix_passwords(copy.deepcopy(msg_data)))
return log_func(msg, strutils.mask_password(six.text_type(msg_data)))
def serialize_remote_exception(failure_info, log_failure=True):

Loading…
Cancel
Save