Merge "Obscure the X-Auth-Token in proxy log"

This commit is contained in:
Jenkins 2013-07-30 20:58:59 +00:00 committed by Gerrit Code Review
commit f830c9a266
3 changed files with 94 additions and 1 deletions

View File

@ -432,6 +432,18 @@ use = egg:swift#proxy_logging
# access_log_statsd_metric_prefix = # access_log_statsd_metric_prefix =
# access_log_headers = false # access_log_headers = false
# #
# By default, the X-Auth-Token is logged. To obscure the value,
# set reveal_sensitive_prefix to the number of characters to log.
# For example, if set to 12, only the first 12 characters of the
# token appear in the log. An unauthorized access of the log file
# won't allow unauthorized usage of the token. However, the first
# 12 or so characters is unique enough that you can trace/debug
# token usage. Set to 0 to suppress the token completely (replaced
# by '...' in the log).
# Note: reveal_sensitive_prefix will not affect the value
# logged with access_log_headers=True.
# reveal_sensitive_prefix = 8192
#
# What HTTP methods are allowed for StatsD logging (comma-sep); request methods # What HTTP methods are allowed for StatsD logging (comma-sep); request methods
# not in this list will have "BAD_METHOD" for the <verb> portion of the metric. # not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS # log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS

View File

@ -77,6 +77,7 @@ from swift.common.swob import Request
from swift.common.utils import (get_logger, get_remote_client, from swift.common.utils import (get_logger, get_remote_client,
get_valid_utf8_str, config_true_value, get_valid_utf8_str, config_true_value,
InputProxy) InputProxy)
from swift.common.constraints import MAX_HEADER_SIZE
QUOTE_SAFE = '/:' QUOTE_SAFE = '/:'
@ -112,6 +113,8 @@ class ProxyLoggingMiddleware(object):
self.access_logger = get_logger(access_log_conf, self.access_logger = get_logger(access_log_conf,
log_route='proxy-access') log_route='proxy-access')
self.access_logger.set_statsd_prefix('proxy-server') self.access_logger.set_statsd_prefix('proxy-server')
self.reveal_sensitive_prefix = int(conf.get('reveal_sensitive_prefix',
MAX_HEADER_SIZE))
def method_from_req(self, req): def method_from_req(self, req):
return req.environ.get('swift.orig_req_method', req.method) return req.environ.get('swift.orig_req_method', req.method)
@ -122,6 +125,13 @@ class ProxyLoggingMiddleware(object):
def mark_req_logged(self, req): def mark_req_logged(self, req):
req.environ['swift.proxy_access_log_made'] = True req.environ['swift.proxy_access_log_made'] = True
def obscure_sensitive(self, value):
if not value:
return '-'
if len(value) > self.reveal_sensitive_prefix:
return value[:self.reveal_sensitive_prefix] + '...'
return value
def log_request(self, req, status_int, bytes_received, bytes_sent, def log_request(self, req, status_int, bytes_received, bytes_sent,
request_time): request_time):
""" """
@ -156,7 +166,7 @@ class ProxyLoggingMiddleware(object):
status_int, status_int,
req.referer, req.referer,
req.user_agent, req.user_agent,
req.headers.get('x-auth-token'), self.obscure_sensitive(req.headers.get('x-auth-token')),
bytes_received, bytes_received,
bytes_sent, bytes_sent,
req.headers.get('etag', None), req.headers.get('etag', None),

View File

@ -571,6 +571,77 @@ class TestProxyLogging(unittest.TestCase):
log_parts = self._log_parts(app) log_parts = self._log_parts(app)
self.assertEquals(log_parts[17], 'one%2Cand%20two') self.assertEquals(log_parts[17], 'one%2Cand%20two')
def test_log_auth_token(self):
auth_token = 'b05bf940-0464-4c0e-8c70-87717d2d73e8'
# Default - no reveal_sensitive_prefix in config
# No x-auth-token header
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {})
app.access_logger = FakeLogger()
req = Request.blank('/', environ={'REQUEST_METHOD': 'GET'})
resp = app(req.environ, start_response)
resp_body = ''.join(resp)
log_parts = self._log_parts(app)
self.assertEquals(log_parts[9], '-')
# Has x-auth-token header
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {})
app.access_logger = FakeLogger()
req = Request.blank('/', environ={'REQUEST_METHOD': 'GET',
'HTTP_X_AUTH_TOKEN': auth_token})
resp = app(req.environ, start_response)
resp_body = ''.join(resp)
log_parts = self._log_parts(app)
self.assertEquals(log_parts[9], auth_token)
# Truncate to first 8 characters
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
'reveal_sensitive_prefix': '8'})
app.access_logger = FakeLogger()
req = Request.blank('/', environ={'REQUEST_METHOD': 'GET'})
resp = app(req.environ, start_response)
resp_body = ''.join(resp)
log_parts = self._log_parts(app)
self.assertEquals(log_parts[9], '-')
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
'reveal_sensitive_prefix': '8'})
app.access_logger = FakeLogger()
req = Request.blank('/', environ={'REQUEST_METHOD': 'GET',
'HTTP_X_AUTH_TOKEN': auth_token})
resp = app(req.environ, start_response)
resp_body = ''.join(resp)
log_parts = self._log_parts(app)
self.assertEquals(log_parts[9], 'b05bf940...')
# Token length and reveal_sensitive_prefix are same (no truncate)
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
'reveal_sensitive_prefix': str(len(auth_token))})
app.access_logger = FakeLogger()
req = Request.blank('/', environ={'REQUEST_METHOD': 'GET',
'HTTP_X_AUTH_TOKEN': auth_token})
resp = app(req.environ, start_response)
resp_body = ''.join(resp)
log_parts = self._log_parts(app)
self.assertEquals(log_parts[9], auth_token)
# Don't log x-auth-token
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
'reveal_sensitive_prefix': '0'})
app.access_logger = FakeLogger()
req = Request.blank('/', environ={'REQUEST_METHOD': 'GET'})
resp = app(req.environ, start_response)
resp_body = ''.join(resp)
log_parts = self._log_parts(app)
self.assertEquals(log_parts[9], '-')
app = proxy_logging.ProxyLoggingMiddleware(FakeApp(), {
'reveal_sensitive_prefix': '0'})
app.access_logger = FakeLogger()
req = Request.blank('/', environ={'REQUEST_METHOD': 'GET',
'HTTP_X_AUTH_TOKEN': auth_token})
resp = app(req.environ, start_response)
resp_body = ''.join(resp)
log_parts = self._log_parts(app)
self.assertEquals(log_parts[9], '...')
if __name__ == '__main__': if __name__ == '__main__':
unittest.main() unittest.main()