Change the default token logged length to 16

Based on comments from deployers at the Juno OpenStack summit, limiting the default logged token length (to, by default, prevent tokens from being fully logged) is a good idea. Change-Id: I58980e85329d99de41f1c08f75e85973452317b1
2014-05-20 17:28:19 -07:00 · 2014-05-20 17:28:19 -07:00 · 5f0160bdde
commit 5f0160bdde
parent e294538c20
3 changed files with 16 additions and 5 deletions
--- a/etc/proxy-server.conf-sample
+++ b/etc/proxy-server.conf-sample
@ -484,7 +484,7 @@ use = egg:swift#proxy_logging
 # by '...' in the log).
 # Note: reveal_sensitive_prefix will not affect the value
 # logged with access_log_headers=True.
-# reveal_sensitive_prefix = 8192
+# reveal_sensitive_prefix = 16
 #
 # What HTTP methods are allowed for StatsD logging (comma-sep); request methods
 # not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
--- a/swift/common/middleware/proxy_logging.py
+++ b/swift/common/middleware/proxy_logging.py
@ -78,7 +78,6 @@ from swift.common.swob import Request
 from swift.common.utils import (get_logger, get_remote_client,
                                get_valid_utf8_str, config_true_value,
                                InputProxy, list_from_csv)
-from swift.common import constraints

 QUOTE_SAFE = '/:'

@ -119,7 +118,7 @@ class ProxyLoggingMiddleware(object):
                                                  log_route='proxy-access')
        self.access_logger.set_statsd_prefix('proxy-server')
        self.reveal_sensitive_prefix = int(
-            conf.get('reveal_sensitive_prefix', constraints.MAX_HEADER_SIZE))
+            conf.get('reveal_sensitive_prefix', 16))

    def method_from_req(self, req):
        return req.environ.get('swift.orig_req_method', req.method)
--- a/test/unit/common/middleware/test_proxy_logging.py
+++ b/test/unit/common/middleware/test_proxy_logging.py
@ -23,6 +23,7 @@ from test.unit import FakeLogger
 from swift.common.utils import get_logger
 from swift.common.middleware import proxy_logging
 from swift.common.swob import Request, Response
+from swift.common import constraints


 class FakeApp(object):
@ -658,7 +659,7 @@ class TestProxyLogging(unittest.TestCase):
    def test_log_auth_token(self):
        auth_token = 'b05bf940-0464-4c0e-8c70-87717d2d73e8'

-        # Default - no reveal_sensitive_prefix in config
+        # Default - reveal_sensitive_prefix is 16
        # No x-auth-token header
        app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {})
        app.access_logger = FakeLogger()
@ -675,7 +676,7 @@ class TestProxyLogging(unittest.TestCase):
        resp = app(req.environ, start_response)
        resp_body = ''.join(resp)
        log_parts = self._log_parts(app)
-        self.assertEquals(log_parts[9], auth_token)
+        self.assertEquals(log_parts[9], 'b05bf940-0464-4c...')

        # Truncate to first 8 characters
        app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
@ -707,6 +708,17 @@ class TestProxyLogging(unittest.TestCase):
        log_parts = self._log_parts(app)
        self.assertEquals(log_parts[9], auth_token)

+        # No effective limit on auth token
+        app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
+            'reveal_sensitive_prefix': constraints.MAX_HEADER_SIZE})
+        app.access_logger = FakeLogger()
+        req = Request.blank('/', environ={'REQUEST_METHOD': 'GET',
+                                          'HTTP_X_AUTH_TOKEN': auth_token})
+        resp = app(req.environ, start_response)
+        resp_body = ''.join(resp)
+        log_parts = self._log_parts(app)
+        self.assertEquals(log_parts[9], auth_token)
+
        # Don't log x-auth-token
        app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
            'reveal_sensitive_prefix': '0'})