Merge "Avoid logging sensitive information in http header"

2020-02-13 16:56:23 +00:00 · 2020-02-13 16:56:23 +00:00 · dac4a83f28
parent e89537c338 ae9d18cb8a
commit dac4a83f28
3 changed files with 17 additions and 2 deletions
--- a/vmware_nsxlib/v3/client.py
+++ b/vmware_nsxlib/v3/client.py
@ -225,7 +225,8 @@ class RESTClient(object):
        if not silent:

            LOG.debug("REST call: %s %s. Headers: %s. Body: %s",
-                      method, request_url, request_headers,
+                      method, request_url,
+                      utils.censor_headers(request_headers),
                      self._mask_password(body))

        ts = time.time()
--- a/vmware_nsxlib/v3/cluster.py
+++ b/vmware_nsxlib/v3/cluster.py
@ -323,7 +323,9 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
                            resp.headers[header_name])
                LOG.info("Session create succeeded for endpoint %(url)s with "
                         "headers %(hdr)s",
-                         {'url': provider.url, 'hdr': session.default_headers})
+                         {'url': provider.url,
+                          'hdr':
+                          utils.censor_headers(session.default_headers)})


 class NSXHTTPAdapter(adapters.HTTPAdapter):
--- a/vmware_nsxlib/v3/utils.py
+++ b/vmware_nsxlib/v3/utils.py
@ -62,6 +62,18 @@ def set_inject_headers_callback(callback):
    INJECT_HEADERS_CALLBACK = callback


+def censor_headers(headers):
+    censored_headers = ['authorization']
+    result = {}
+    for name, value in headers.items():
+        if name.lower() in censored_headers:
+            result[name] = '--- CENSORED ---'
+        else:
+            result[name] = value
+
+    return result
+
+
 def _update_resource_length(length):
    global MAX_RESOURCE_TYPE_LEN
    MAX_RESOURCE_TYPE_LEN = length