diff options
| author | Joel Wright <joel.wright@sohonet.com> | 2016-02-19 13:18:15 +0000 |
|---|---|---|
| committer | Alistair Coles <alistair.coles@hpe.com> | 2016-03-08 12:17:18 +0000 |
| commit | d95d14ac10996e1efb50d1c34e29f3d692cde150 (patch) | |
| tree | f0041fa8e319e293ba1ae7faa2eca7efadf32552 /swiftclient/shell.py | |
| parent | ff880daccff57278129ed63b7d872c039f5e8fd2 (diff) | |
| download | python-swiftclient-stable/liberty.tar.gz | |
Do not reveal auth token in swiftclient log messages by defaultliberty-eolstable/liberty
Currently the swiftclient logs sensitive info in headers when logging
HTTP requests. This patch hides sensitive info in headers such as
'X-Auth-Token' in a similar way to swift itself (we add a
'reveal_sensitive_prefix' configuration to the client).
With this patch, tokens are truncated by removing the specified number
of characters, after which '...' is appended to the logged token to
indicate that it has been redacted.
Also include client.parse_header_string() for safe unicode handling
of header data.
Backport based on commits:
c3f06417049e17a8d45ee5926c5043cb6c8aa9ef
4d44dcf36086add13d3353915c014f095ab99c6d
ce569f46517e10f2ce0d27e9ee0a922ad1d84e2f
46d817828082105a69d4da53fef2f2fbefc54809
aa0edd00966237163451fc44cda2c593a5215cbe
Co-Authored-By: Tim Burke <tim.burke@gmail.com>
Co-Authored-By: Alistair Coles <alistair.coles@hpe.com>
Co-Authored-By: Li Cheng <shcli@cn.ibm.com>
Co-Authored-By: Zack M. Davis <zdavis@swiftstack.com>
Change-Id: I71fc5aad23bc076b06f75888c3ea507feffc7b48
Closes-bug: #1516692
Diffstat (limited to 'swiftclient/shell.py')
| -rwxr-xr-x | swiftclient/shell.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/swiftclient/shell.py b/swiftclient/shell.py index 652980f..eda6475 100755 --- a/swiftclient/shell.py +++ b/swiftclient/shell.py @@ -32,6 +32,7 @@ from swiftclient.utils import config_true_value, generate_temp_url, prt_bytes from swiftclient.multithreading import OutputManager from swiftclient.exceptions import ClientException from swiftclient import __version__ as client_version +from swiftclient.client import logger_settings as client_logger_settings from swiftclient.service import SwiftService, SwiftError, \ SwiftUploadObject, get_conn from swiftclient.command_helpers import print_account_stats, \ @@ -1414,6 +1415,7 @@ Examples: logging.getLogger("swiftclient") if options.debug: logging.basicConfig(level=logging.DEBUG) + client_logger_settings['redact_sensitive_headers'] = False elif options.info: logging.basicConfig(level=logging.INFO) |