watcha
/
watcha-synapse
mirror of https://github.com/watcha-fr/synapse
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

Replace client_secret with <redacted> in server logs (#6158)

Browse Source 
Replace `client_secret` query parameter values with `<redacted>` in the logs. Prevents a scenario where a MITM of server traffic can horde 3pids on their account.
code_spécifique_watcha
Andrew Morgan 5 years ago committed by GitHub
parent aec1377d0b
commit 0f46bf5737
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      changelog.d/6158.bugfix
  2. 6
      synapse/http/__init__.py

1
changelog.d/6158.bugfix
Unescape View File

@ -0,0 +1 @@
Redact `client_secret` in server logs.

6
synapse/http/__init__.py
Unescape View File

@ -42,11 +42,13 @@ def cancelled_to_request_timed_out_error(value, timeout):
ACCESS_TOKEN_RE = re.compile(r"(\?.*access(_|%5[Ff])token=)[^&]*(.*)$") ACCESS_TOKEN_RE = re.compile(r"(\?.*access(_|%5[Ff])token=)[^&]*(.*)$")
CLIENT_SECRET_RE = re.compile(r"(\?.*client(_|%5[Ff])secret=)[^&]*(.*)$")
def redact_uri(uri): def redact_uri(uri):
"""Strips access tokens from the uri replaces with <redacted>""" """Strips sensitive information from the uri replaces with <redacted>"""
return ACCESS_TOKEN_RE.sub(r"\1<redacted>\3", uri) uri = ACCESS_TOKEN_RE.sub(r"\1<redacted>\3", uri)
return CLIENT_SECRET_RE.sub(r"\1<redacted>\3", uri)
class QuieterFileBodyProducer(FileBodyProducer): class QuieterFileBodyProducer(FileBodyProducer):

Write Preview
Loading…
Cancel
Save