Avoid logging sensitive information in http header

Change-Id: Ic30b8075cd46632ea68f04c15028b804f63b3947
changes/70/707470/2
Anna Khmelnitsky 3 years ago
parent 03fd42824e
commit ae9d18cb8a
  1. 3
      vmware_nsxlib/v3/client.py
  2. 4
      vmware_nsxlib/v3/cluster.py
  3. 12
      vmware_nsxlib/v3/utils.py

@ -224,7 +224,8 @@ class RESTClient(object):
if not silent:
LOG.debug("REST call: %s %s. Headers: %s. Body: %s",
method, request_url, request_headers,
method, request_url,
utils.censor_headers(request_headers),
self._mask_password(body))
ts = time.time()

@ -323,7 +323,9 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
resp.headers[header_name])
LOG.info("Session create succeeded for endpoint %(url)s with "
"headers %(hdr)s",
{'url': provider.url, 'hdr': session.default_headers})
{'url': provider.url,
'hdr':
utils.censor_headers(session.default_headers)})
class NSXHTTPAdapter(adapters.HTTPAdapter):

@ -62,6 +62,18 @@ def set_inject_headers_callback(callback):
INJECT_HEADERS_CALLBACK = callback
def censor_headers(headers):
censored_headers = ['authorization']
result = {}
for name, value in headers.items():
if name.lower() in censored_headers:
result[name] = '--- CENSORED ---'
else:
result[name] = value
return result
def _update_resource_length(length):
global MAX_RESOURCE_TYPE_LEN
MAX_RESOURCE_TYPE_LEN = length

Loading…
Cancel
Save