Merge pull request #3327 from t3chguy/redact_as_request_token

Strip `access_token` from outgoing requests
author: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> 2018-06-05 19:08:46 +0100
committer: GitHub <noreply@github.com> 2018-06-05 19:08:46 +0100
commit: e316407b5d41da90ded5759d519a93656ff013ad (patch)
tree: 1bdf25c894a218a3622dd70de60211d52d6e0488 /synapse/http/__init__.py
parent: Merge pull request #3340 from ArchangeGabriel/patch-1 (diff)
parent: factor out uri redaction into a method on http (diff)
download: synapse-e316407b5d41da90ded5759d519a93656ff013ad.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/synapse/http/__init__.py b/synapse/http/__init__.py
index 054372e179..58ef8d3ce4 100644
--- a/synapse/http/__init__.py
+++ b/synapse/http/__init__.py
@@ -13,6 +13,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import re
+
 from twisted.internet.defer import CancelledError
 from twisted.python import failure
 
@@ -34,3 +36,14 @@ def cancelled_to_request_timed_out_error(value, timeout):
         value.trap(CancelledError)
         raise RequestTimedOutError()
     return value
+
+
+ACCESS_TOKEN_RE = re.compile(br'(\?.*access(_|%5[Ff])token=)[^&]*(.*)$')
+
+
+def redact_uri(uri):
+    """Strips access tokens from the uri replaces with <redacted>"""
+    return ACCESS_TOKEN_RE.sub(
+        br'\1<redacted>\3',
+        uri
+    )
author	Richard van der Hoff <1389908+richvdh@users.noreply.github.com>	2018-06-05 19:08:46 +0100
committer	GitHub <noreply@github.com>	2018-06-05 19:08:46 +0100
commit	e316407b5d41da90ded5759d519a93656ff013ad (patch)
tree	1bdf25c894a218a3622dd70de60211d52d6e0488 /synapse/http/__init__.py
parent	Merge pull request #3340 from ArchangeGabriel/patch-1 (diff)
parent	factor out uri redaction into a method on http (diff)
download	synapse-e316407b5d41da90ded5759d519a93656ff013ad.tar.xz