Redact tokens/passwords from URLs in ConsDbClient HTTPError reports #120
Conversation
|
I'd think you would want to redact the entire password, including the first two letters, and for that matter avoid revealing anything about the length of the password. |
There was a problem hiding this comment.
LGTM. I kind of agree with Brian about redacting the entire password, but two other points on that: 1) I can see how a couple of characters could be useful for debug info, and this isn't super security critical stuff, and the tokens are plenty long, but 2) the two that I've looked at both started gt- so I suspect you'd need more than 3 to actually reveal anything that's actually useful (if that's even desirable).
I think it's probably @ktlim's call though.
|
Also, I'm not usually a stickler for asking people to squash commits, but given the middle commits include adding and removing a whole file which should never have been committed, and that this whole ticket feels fine as a single commit, I'd probably just squash the whole thing down to one or two commits. |
| The response that could contain a URL with tokens | ||
| """ | ||
| url = urlparse(resp.url) | ||
| short_user = url.username[:2] if url.username is not None else "**" |
There was a problem hiding this comment.
I think it's a bit more useful to have
short_user = f"{url.username[:2]}***" if url.username is not None else ""
short_pass = f":{url.password[:2]}***" if url.password is not None else ""
netloc = f"{short_user}{short_pass}@{url.hostname}"
That way, empty usernames and passwords are properly reflected and the password component is only included if it is actually present.
|
|
||
| assert "v987wefVMPz" not in url | ||
| assert url == sanitized | ||
|
|
There was a problem hiding this comment.
If you really want coverage, you could also test the username/no password case, a password/no username case (although I don't know if that is actually legal), and a single-character username case (if someone uses 1 or 2 character passwords, that's their own problem...).
Vebop
force-pushed
the
tickets/DM-45530
branch
from
da14f81
to
b2c4568
Compare
|
Updated the |
Added
clean_url()torequests.Sessionhooks for responses.Added test to check initialization of ConsDbClient and to test that the url is sanitized according to our terms.