Merge "Redact tokens in request headers"
@@ -139,6 +139,13 @@ class Session(object):
|
|||||||
# debug log.
|
# debug log.
|
||||||
return
|
return
|
||||||
|
|
||||||
|
def process_header(header):
|
||||||
|
secure_headers = ('authorization', 'x-auth-token',
|
||||||
|
'x-subject-token',)
|
||||||
|
if header[0].lower() in secure_headers:
|
||||||
|
return (header[0], 'TOKEN_REDACTED')
|
||||||
|
return header
|
||||||
|
|
||||||
string_parts = ['REQ: curl -i']
|
string_parts = ['REQ: curl -i']
|
||||||
|
|
||||||
# NOTE(jamielennox): None means let requests do its default validation
|
# NOTE(jamielennox): None means let requests do its default validation
|
||||||
@@ -153,7 +160,7 @@ class Session(object):
|
|||||||
|
|
||||||
if headers:
|
if headers:
|
||||||
for header in six.iteritems(headers):
|
for header in six.iteritems(headers):
|
||||||
string_parts.append('-H "%s: %s"' % header)
|
string_parts.append('-H "%s: %s"' % process_header(header))
|
||||||
if json:
|
if json:
|
||||||
data = jsonutils.dumps(json)
|
data = jsonutils.dumps(json)
|
||||||
if data:
|
if data:
|
||||||
|
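Review bot: The `secure_headers` tuple in `process_header` names only `authorization`, `x-auth-token` and `x-subject-token`, so any other credential-bearing header passed to the session is still written verbatim into the `REQ: curl -i` debug line. Consider adding `'x-service-token'`, `'proxy-authorization'` and `'cookie'`, and hoisting the tuple to a module-level constant so it is built once and extended in one place. The redaction also stops at headers: the `if json:` / `if data:` lines that follow suggest the request body is logged as well, and an authentication request body can carry a password or token, though that code continues outside the hunk and should be checked there. A one-line docstring on the helper, e.g. `"""Return the (name, value) pair with the value masked for credential headers."""`, would state the contract for later callers.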
@@ -11,6 +11,7 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
|
import itertools
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
import mock
|
import mock
|
||||||
@@ -139,10 +140,15 @@ class SessionTests(utils.TestCase):
|
|||||||
def test_session_debug_output(self):
|
def test_session_debug_output(self):
|
||||||
session = client_session.Session(verify=False)
|
session = client_session.Session(verify=False)
|
||||||
headers = {'HEADERA': 'HEADERVALB'}
|
headers = {'HEADERA': 'HEADERVALB'}
|
||||||
|
security_headers = {'Authorization': uuid.uuid4().hex,
|
||||||
|
'X-Auth-Token': uuid.uuid4().hex,
|
||||||
|
'X-Subject-Token': uuid.uuid4().hex, }
|
||||||
body = 'BODYRESPONSE'
|
body = 'BODYRESPONSE'
|
||||||
data = 'BODYDATA'
|
data = 'BODYDATA'
|
||||||
self.stub_url('POST', text=body)
|
self.stub_url('POST', text=body)
|
||||||
session.post(self.TEST_URL, headers=headers, data=data)
|
all_headers = dict(
|
||||||
|
itertools.chain(headers.items(), security_headers.items()))
|
||||||
|
session.post(self.TEST_URL, headers=all_headers, data=data)
|
||||||
|
|
||||||
self.assertIn('curl', self.logger.output)
|
self.assertIn('curl', self.logger.output)
|
||||||
self.assertIn('POST', self.logger.output)
|
self.assertIn('POST', self.logger.output)
|
||||||
@@ -153,6 +159,9 @@ class SessionTests(utils.TestCase):
|
|||||||
for k, v in six.iteritems(headers):
|
for k, v in six.iteritems(headers):
|
||||||
self.assertIn(k, self.logger.output)
|
self.assertIn(k, self.logger.output)
|
||||||
self.assertIn(v, self.logger.output)
|
self.assertIn(v, self.logger.output)
|
||||||
|
for k, v in six.iteritems(security_headers):
|
||||||
|
self.assertIn(k, self.logger.output)
|
||||||
|
self.assertNotIn(v, self.logger.output)
|
||||||
|
|
||||||
|
|
||||||
class RedirectTests(utils.TestCase):
|
class RedirectTests(utils.TestCase):
|
||||||
|
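Review bot: The new assertions in `test_session_debug_output` check that each security header name is logged and its value is not, but nothing pins what replaces the value; adding `self.assertIn('TOKEN_REDACTED', self.logger.output)` would catch a regression that logs an empty or partial value instead. All three keys in `security_headers` use canonical capitalisation, so the `.lower()` comparison in the session code is never exercised with a differently cased name; writing one key in another case, e.g. `'x-subject-token'`, would cover it. Part of the test method lies between the two hunks and is not shown here.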