From 56a9c55a3f2919d0dcc93639c23df169aafc240a Mon Sep 17 00:00:00 2001 From: Mehdi Abaakouk Date: Wed, 24 Sep 2014 17:18:39 +0200 Subject: [PATCH] safe_log Sanitize Passwords in List of Dicts Sanitizes password fields found in lists of dicts for messages before logging. This change uses oslo.utils.strutils.mask_password to do it. Change-Id: I7cd1e53e2ced7ebf9c5942b7a0dbbeb991acab4d Closes-Bug: #1268459 --- oslo/messaging/_drivers/common.py | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/oslo/messaging/_drivers/common.py b/oslo/messaging/_drivers/common.py index 4d0b7a1e7..fa21a437d 100644 --- a/oslo/messaging/_drivers/common.py +++ b/oslo/messaging/_drivers/common.py @@ -27,6 +27,7 @@ from oslo import messaging from oslo.messaging._i18n import _ from oslo.messaging import _utils as utils from oslo.serialization import jsonutils +from oslo.utils import strutils LOG = logging.getLogger(__name__) @@ -70,8 +71,6 @@ _MESSAGE_KEY = 'oslo.message' _REMOTE_POSTFIX = '_Remote' -_SANITIZE = ['_context_auth_token', 'auth_token', 'new_pass'] - class RPCException(Exception): msg_fmt = _("An unknown RPC related exception occurred.") @@ -162,22 +161,9 @@ class Connection(object): raise NotImplementedError() -def _fix_passwords(d): - """Sanitizes the password fields in the dictionary.""" - for k in six.iterkeys(d): - if k.lower().find('password') != -1: - d[k] = '' - elif k.lower() in _SANITIZE: - d[k] = '' - elif isinstance(d[k], dict): - _fix_passwords(d[k]) - - return d - - def _safe_log(log_func, msg, msg_data): """Sanitizes the msg_data field before logging.""" - return log_func(msg, _fix_passwords(copy.deepcopy(msg_data))) + return log_func(msg, strutils.mask_password(six.text_type(msg_data))) def serialize_remote_exception(failure_info, log_failure=True):