From f3438b1a54c3df8e9bd73b624f0dd9e3962618b6 Mon Sep 17 00:00:00 2001
From: Christian Schwede
Date: Mon, 24 Apr 2017 13:00:35 +0000
Subject: [PATCH] Trim tempurl signature in the logs
This trims the temp_url_sig querystring for valid URLs (ie ones that are successfully authenticated) within the current request environment, which is finally used when logging the request. By default it will only keep the first 8 chars, which should be enough for troubleshooting. This is especially important with tempurls that are valid for extended periods and/or when using central logging servers. There are two cases when the whole signature might be still revealed in the logs:
- if eventlet_debug is enabled in the proxy
- if a tempurl sig/expires combination is invalid
Change-Id: I44450b5204dd24ffd6ec0ee42e1b5cd78704a60a
---
 swift/common/middleware/tempurl.py | 7 ++++++-
 test/unit/common/middleware/test_tempurl.py | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/swift/common/middleware/tempurl.py b/swift/common/middleware/tempurl.py
index abff073..e083e29 100644
--- a/swift/common/middleware/tempurl.py
+++ b/swift/common/middleware/tempurl.py
@@ -384,6 +384,10 @@ class TempURL(object):
 #: HTTP user agent to use for subrequests.
 self.agent = '%(orig)s TempURL'
+ # Trim the signature to avoid revealing it in the logfiles
+ self.reveal_sensitive_prefix = int(
+ conf.get('reveal_sensitive_prefix', 8))
+
 def __call__(self, env, start_response):
 """
 Main hook into the WSGI paste.deploy filter/app pipeline.
@@ -454,7 +458,8 @@ class TempURL(object):
 container)
 env['swift.authorize_override'] = True
 env['REMOTE_USER'] = '.wsgi.tempurl'
- qs = {'temp_url_sig': temp_url_sig,
+ qs = {'temp_url_sig':
+ temp_url_sig[:self.reveal_sensitive_prefix] + '...',
 'temp_url_expires': temp_url_expires}
 if temp_url_prefix is not None:
 qs['temp_url_prefix'] = temp_url_prefix
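Review bot: The value stored in `self.reveal_sensitive_prefix` is not range-checked, although the second hunk uses it as a slice bound on the signature. A negative setting such as `-1` would make `temp_url_sig[:n]` keep everything except the last character, and a non-numeric value raises `ValueError` from `int()` when the middleware is constructed. Clamping at assignment, `self.reveal_sensitive_prefix = max(0, int(conf.get('reveal_sensitive_prefix', 8)))`, stops a misconfiguration from widening what is logged; an upper bound below the signature length is worth considering too, since the `'...'` suffix is appended regardless. The diffstat lists no sample-config or documentation change for the new option, and the enclosing method (presumably `__init__`) begins outside this hunk.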
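Review bot: Requests that fail tempurl validation keep the complete `temp_url_sig` in the query string, because the trimmed `qs` built on the `temp_url_sig[:self.reveal_sensitive_prefix] + '...'` lines is only reached after authorization has succeeded. The commit message accepts this for invalid sig/expires pairs, but a rejected request may still carry a signature that is valid for another method or path, so the rejection paths outside this hunk deserve a check and the same trimming if that holds. A short comment at this site would help the next reader, for example `# Signature was verified above; keep only a short prefix so the logged query string cannot be reused.` The enclosing method (presumably `__call__`) starts and ends outside the hunk.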
diff --git a/test/unit/common/middleware/test_tempurl.py b/test/unit/common/middleware/test_tempurl.py
index 0b3b1d3..45951c0 100644
--- a/test/unit/common/middleware/test_tempurl.py
+++ b/test/unit/common/middleware/test_tempurl.py
@@ -144,6 +144,8 @@ class TestTempURL(unittest.TestCase):
 gmtime(expires)))
 self.assertEqual(req.environ['swift.authorize_override'], True)
 self.assertEqual(req.environ['REMOTE_USER'], '.wsgi.tempurl')
+ trimmed_sig_qs = 'temp_url_sig=%s...' % sig[:8]
+ self.assertIn(trimmed_sig_qs, req.environ.get('QUERY_STRING'))
 def test_get_valid(self):
 method = 'GET'
--
2.9.3
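Review bot: The new assertion shows that the trimmed form is present but never states that the full signature is absent, and it hard-codes `8` instead of exercising the option. Adding `self.assertNotIn(sig, req.environ['QUERY_STRING'])` after the `assertIn` would pin the security property directly. A second case that builds the middleware with a non-default `reveal_sensitive_prefix` would cover the configurable path. The test method these lines belong to begins outside the hunk.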