-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redact tokens/passwords from URLs in ConsDbClient HTTPError reports #120
Conversation
I'd think you would want to redact the entire password, including the first two letters, and for that matter avoid revealing anything about the length of the password. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I kind of agree with Brian about redacting the entire password, but two other points on that: 1) I can see how a couple of characters could be useful for debug info, and this isn't super security critical stuff, and the tokens are plenty long, but 2) the two that I've looked at both started gt-
so I suspect you'd need more than 3 to actually reveal anything that's actually useful (if that's even desirable).
I think it's probably @ktlim's call though.
Also, I'm not usually a stickler for asking people to squash commits, but given the middle commits include adding and removing a whole file which should never have been committed, and that this whole ticket feels fine as a single commit, I'd probably just squash the whole thing down to one or two commits. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
General approach looks great.
The response that could contain a URL with tokens | ||
""" | ||
url = urlparse(resp.url) | ||
short_user = url.username[:2] if url.username is not None else "**" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's a bit more useful to have
short_user = f"{url.username[:2]}***" if url.username is not None else ""
short_pass = f":{url.password[:2]}***" if url.password is not None else ""
netloc = f"{short_user}{short_pass}@{url.hostname}"
That way, empty usernames and passwords are properly reflected and the password component is only included if it is actually present.
|
||
assert "v987wefVMPz" not in url | ||
assert url == sanitized | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you really want coverage, you could also test the username/no password case, a password/no username case (although I don't know if that is actually legal), and a single-character username case (if someone uses 1 or 2 character passwords, that's their own problem...).
da14f81
to
b2c4568
Compare
Updated the |
Added
clean_url()
torequests.Session
hooks for responses.Added test to check initialization of ConsDbClient and to test that the url is sanitized according to our terms.