openstack/python-neutronclient
Code Issues Proposed changes

Log SHA1 hash of X-Auth-Token value

Browse Source 
Remove logging of sensitive information like the
token value from X-Auth-Token. Instead log the sha1
hash of the token value, prefixed with '{SHA1}'.

Closes-Bug: #1367339
Change-Id: I72d2ff5ca569c942aa6896aeadab489ff0097255
This commit is contained in:
Lokesh S
2016-03-29 10:11:35 +00:00
committed by Brian Haley
parent 214854bf7a
commit d8fa792ee7
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
neutronclient/common/utils.py
View File

@@ -19,6 +19,7 @@
import argparse
import functools
import hashlib
import logging
import netaddr
import os
@@ -30,6 +31,8 @@ import six
from neutronclient._i18n import _
from neutronclient.common import exceptions
SENSITIVE_HEADERS = ('X-Auth-Token',)
def env(*vars, **kwargs):
"""Returns the first environment variable set.
@@ -167,8 +170,13 @@ def http_log_req(_logger, args, kwargs):
else:
string_parts.append(' %s' % element)
for element in kwargs['headers']:
header = ' -H "%s: %s"' % (element, kwargs['headers'][element])
for (key, value) in six.iteritems(kwargs['headers']):
if key in SENSITIVE_HEADERS:
v = value.encode('utf-8')
h = hashlib.sha1(v)
d = h.hexdigest()
value = "{SHA1}%s" % d
header = ' -H "%s: %s"' % (key, value)
string_parts.append(header)
if 'body' in kwargs and kwargs['body']: