Fix Sensitive Header Censorship in Log
- Censor sensitive headers before they are logged in _proxy() - Fix issue where Cookie and X-XSRF-TOKEN were not censored as intended Change-Id: I14b422a25b40d0014c05226f9ae4fe8be75e33fb
parent
bcb3210760
commit
6b34416026
|
@ -762,9 +762,13 @@ class ClusteredAPI(object):
|
||||||
kwargs['headers'] = kwargs.get('headers', {})
|
kwargs['headers'] = kwargs.get('headers', {})
|
||||||
kwargs['headers'].update(conn.default_headers)
|
kwargs['headers'].update(conn.default_headers)
|
||||||
if not self._silent:
|
if not self._silent:
|
||||||
|
# To censor sensitive headers before logging
|
||||||
|
kwargs_copy = copy.copy(kwargs)
|
||||||
|
kwargs_copy['headers'] = utils.censor_headers(
|
||||||
|
kwargs_copy['headers'])
|
||||||
LOG.debug("API cluster proxy %s %s to %s with %s. "
|
LOG.debug("API cluster proxy %s %s to %s with %s. "
|
||||||
"Waited conn: %2.4f, rate: %2.4f",
|
"Waited conn: %2.4f, rate: %2.4f",
|
||||||
proxy_for.upper(), uri, url, kwargs,
|
proxy_for.upper(), uri, url, kwargs_copy,
|
||||||
conn_data.conn_wait, conn_data.rate_wait)
|
conn_data.conn_wait, conn_data.rate_wait)
|
||||||
|
|
||||||
# call the actual connection method to do the
|
# call the actual connection method to do the
|
||||||
|
|
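Review bot: Only the `headers` entry of `kwargs_copy` is censored, so every other key in `kwargs` still reaches the `LOG.debug` call verbatim; if callers pass a request body or parameters that carry credentials (not visible in this hunk), those values will still be written to the debug log. Consider logging an explicit allow-list of keys instead of the whole dict, or at least state the limit in the comment, e.g. `# Only headers are censored; all other kwargs are logged as-is`. The shallow `copy.copy(kwargs)` is safe only because `kwargs_copy['headers']` is rebound to the dict returned by `censor_headers` (which appears to build a fresh `result`) rather than mutated in place, and that deserves a short why-comment so a later edit does not censor the live request headers. The enclosing method starts and ends outside the hunk.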
|
@ -64,7 +64,7 @@ def set_inject_headers_callback(callback):
|
||||||
|
|
||||||
|
|
||||||
def censor_headers(headers):
|
def censor_headers(headers):
|
||||||
censored_headers = ['authorization', 'X-XSRF-TOKEN', 'Cookie']
|
censored_headers = ['authorization', 'x-xsrf-token', 'cookie']
|
||||||
result = {}
|
result = {}
|
||||||
for name, value in headers.items():
|
for name, value in headers.items():
|
||||||
if name.lower() in censored_headers:
|
if name.lower() in censored_headers:
|
||||||
|
|
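Review bot: The match in `censor_headers` now works only because every entry of `censored_headers` is spelled in lower case, as the lookup is `name.lower() in censored_headers`; a header later added in its canonical spelling would silently go uncensored, which is the same failure this commit repairs. Making the invariant explicit would prevent that, for example `censored_headers = frozenset(h.lower() for h in ('authorization', 'x-xsrf-token', 'cookie'))`, or at minimum the comment `# entries must be lower case: compared against name.lower()`. A unit test that passes `Cookie` and `X-XSRF-TOKEN` in mixed case and asserts that the returned values are masked would pin the behaviour. The rest of the loop body and the return are outside the hunk.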