diff options
author | Michael Telatynski <7t3chguy@gmail.com> | 2018-06-05 18:31:40 +0100 |
---|---|---|
committer | Michael Telatynski <7t3chguy@gmail.com> | 2018-06-05 18:31:40 +0100 |
commit | e6cbf47773472e6e3dd1884bb0376d3d66a37433 (patch) | |
tree | c858afd3cf93aaf0f25898c0eaec9a396e619c2e | |
parent | Strip `access_token` from outgoing requests using existing regex (diff) | |
download | synapse-e6cbf47773472e6e3dd1884bb0376d3d66a37433.tar.xz |
factor out uri redaction into a method on http
-rw-r--r-- | synapse/http/__init__.py | 13 | ||||
-rw-r--r-- | synapse/http/client.py | 8 | ||||
-rw-r--r-- | synapse/http/site.py | 9 |
3 files changed, 17 insertions, 13 deletions
diff --git a/synapse/http/__init__.py b/synapse/http/__init__.py index 054372e179..58ef8d3ce4 100644 --- a/synapse/http/__init__.py +++ b/synapse/http/__init__.py @@ -13,6 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +import re + from twisted.internet.defer import CancelledError from twisted.python import failure @@ -34,3 +36,14 @@ def cancelled_to_request_timed_out_error(value, timeout): value.trap(CancelledError) raise RequestTimedOutError() return value + + +ACCESS_TOKEN_RE = re.compile(br'(\?.*access(_|%5[Ff])token=)[^&]*(.*)$') + + +def redact_uri(uri): + """Strips access tokens from the uri replaces with <redacted>""" + return ACCESS_TOKEN_RE.sub( + br'\1<redacted>\3', + uri + ) diff --git a/synapse/http/client.py b/synapse/http/client.py index 89db33453b..5820d3e96f 100644 --- a/synapse/http/client.py +++ b/synapse/http/client.py @@ -19,8 +19,7 @@ from OpenSSL.SSL import VERIFY_NONE from synapse.api.errors import ( CodeMessageException, MatrixCodeMessageException, SynapseError, Codes, ) -from synapse.http import cancelled_to_request_timed_out_error -from synapse.http.site import ACCESS_TOKEN_RE +from synapse.http import cancelled_to_request_timed_out_error, redact_uri from synapse.util.async import add_timeout_to_deferred from synapse.util.caches import CACHE_SIZE_FACTOR from synapse.util.logcontext import make_deferred_yieldable @@ -92,10 +91,7 @@ class SimpleHttpClient(object): outgoing_requests_counter.labels(method).inc() # log request but strip `access_token` (AS requests for example include this) - logger.info("Sending request %s %s", method, ACCESS_TOKEN_RE.sub( - r'\1<redacted>\3', - uri - )) + logger.info("Sending request %s %s", method, redact_uri(uri)) try: request_deferred = self.agent.request( diff --git a/synapse/http/site.py b/synapse/http/site.py index 60299657b9..2664006f8c 100644 --- a/synapse/http/site.py +++ b/synapse/http/site.py @@ -14,18 +14,16 @@ import contextlib import logging -import re import time from twisted.web.server import Site, Request +from synapse.http import redact_uri from synapse.http.request_metrics import RequestMetrics from synapse.util.logcontext import LoggingContext logger = logging.getLogger(__name__) -ACCESS_TOKEN_RE = re.compile(br'(\?.*access(_|%5[Ff])token=)[^&]*(.*)$') - _next_request_seq = 0 @@ -69,10 +67,7 @@ class SynapseRequest(Request): return "%s-%i" % (self.method, self.request_seq) def get_redacted_uri(self): - return ACCESS_TOKEN_RE.sub( - br'\1<redacted>\3', - self.uri - ) + return redact_uri(self.uri) def get_user_agent(self): return self.requestHeaders.getRawHeaders(b"User-Agent", [None])[-1] |