Browse Source

Merge "Avoid logging sensitive information in http header"

tags/15.0.5^0
Zuul 6 days ago
parent
commit
dac4a83f28
3 changed files with 17 additions and 2 deletions
  1. +2
    -1
      vmware_nsxlib/v3/client.py
  2. +3
    -1
      vmware_nsxlib/v3/cluster.py
  3. +12
    -0
      vmware_nsxlib/v3/utils.py

+ 2
- 1
vmware_nsxlib/v3/client.py View File

@@ -225,7 +225,8 @@ class RESTClient(object):
if not silent:

LOG.debug("REST call: %s %s. Headers: %s. Body: %s",
method, request_url, request_headers,
method, request_url,
utils.censor_headers(request_headers),
self._mask_password(body))

ts = time.time()

+ 3
- 1
vmware_nsxlib/v3/cluster.py View File

@@ -323,7 +323,9 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
resp.headers[header_name])
LOG.info("Session create succeeded for endpoint %(url)s with "
"headers %(hdr)s",
{'url': provider.url, 'hdr': session.default_headers})
{'url': provider.url,
'hdr':
utils.censor_headers(session.default_headers)})


class NSXHTTPAdapter(adapters.HTTPAdapter):

+ 12
- 0
vmware_nsxlib/v3/utils.py View File

@@ -62,6 +62,18 @@ def set_inject_headers_callback(callback):
INJECT_HEADERS_CALLBACK = callback


def censor_headers(headers):
censored_headers = ['authorization']
result = {}
for name, value in headers.items():
if name.lower() in censored_headers:
result[name] = '--- CENSORED ---'
else:
result[name] = value

return result


def _update_resource_length(length):
global MAX_RESOURCE_TYPE_LEN
MAX_RESOURCE_TYPE_LEN = length

Loading…
Cancel
Save