Merge "Fix Sensitive Header Censorship in Log"

2 years ago · 05a04650a5
2 changed files with 6 additions and 2 deletions
--- a/vmware_nsxlib/v3/cluster.py
+++ b/vmware_nsxlib/v3/cluster.py
@ -765,9 +765,13 @@ class ClusteredAPI(object):
                        kwargs['headers'] = kwargs.get('headers', {})
                        kwargs['headers'].update(conn.default_headers)
                    if not self._silent:
+                        # To censor sensitive headers before logging
+                        kwargs_copy = copy.copy(kwargs)
+                        kwargs_copy['headers'] = utils.censor_headers(
+                            kwargs_copy['headers'])
                        LOG.debug("API cluster proxy %s %s to %s with %s. "
                                  "Waited conn: %2.4f, rate: %2.4f",
-                                  proxy_for.upper(), uri, url, kwargs,
+                                  proxy_for.upper(), uri, url, kwargs_copy,
                                  conn_data.conn_wait, conn_data.rate_wait)

                    # call the actual connection method to do the
--- a/vmware_nsxlib/v3/utils.py
+++ b/vmware_nsxlib/v3/utils.py
@ -64,7 +64,7 @@ def set_inject_headers_callback(callback):


 def censor_headers(headers):
-    censored_headers = ['authorization', 'X-XSRF-TOKEN', 'Cookie']
+    censored_headers = ['authorization', 'x-xsrf-token', 'cookie']
    result = {}
    for name, value in headers.items():
        if name.lower() in censored_headers: