Merge lp:~cmiller/desktopcouch/log-no-secrets-bug460974 into lp:desktopcouch

Proposed by Chad Miller
Status: Merged
Approved by: Elliot Murphy
Approved revision: 98
Merged at revision: not available
Proposed branch: lp:~cmiller/desktopcouch/log-no-secrets-bug460974
Merge into: lp:desktopcouch
Diff against target: 125 lines
3 files modified
desktopcouch/pair/couchdb_pairing/couchdb_io.py (+19/-9)
desktopcouch/pair/tests/test_couchdb_io.py (+12/-0)
desktopcouch/replication.py (+1/-1)
To merge this branch: bzr merge lp:~cmiller/desktopcouch/log-no-secrets-bug460974
Reviewer Review Type Date Requested Status
Elliot Murphy (community) Approve
Eric Casteleijn (community) Approve
Review via email: mp+14047@code.launchpad.net

Commit message

When logging replication events, replace all oauth secrets with a string of the same length. (LP: #460974)

Don't complain about non-error when looking for service replicator items.

Use the logging object instead of general logging module, in one place.

Eric Casteleijn (thisfred) wrote :

Looks great! tests pass

review: Approve
Elliot Murphy (statik) wrote :

nice work, zip(cycle()) definitely was the nicest code i saw all day.

review: Approve

Preview Diff

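--- a/desktopcouch/pair/couchdb_pairing/couchdb_io.py
+++ b/desktopcouch/pair/couchdb_pairing/couchdb_io.py
@@ -22,6 +22,7 @@
 import socket
 import uuid
 import datetime
+from itertools import cycle
 
 from desktopcouch import find_pid, find_port as desktopcouch_find_port
 from desktopcouch.records import server
@@ -31,6 +32,17 @@
 PAIRED_SERVER_RECORD_TYPE = RECTYPE_BASE + "paired_server"
 MY_ID_RECORD_TYPE = RECTYPE_BASE + "server_identity"
 
+def obsfuscate(d):
+ def maybe_hide(k, v):
+ if hasattr(k, "endswith") and k.endswith("secret"):
+ return "".join(rep for rep, vi in zip(cycle('Hidden'), v))
+ else:
+ return v
+
+ if not hasattr(d, "iteritems"):
+ return d
+ return dict((k, maybe_hide(k, obsfuscate(v))) for k, v in d.iteritems())
+
 def mkuri(hostname, port, has_ssl=False, path="", auth_pair=None):
 """Create a URI from parts."""
 protocol = "https" if has_ssl else "http"
@@ -95,8 +107,6 @@
 service_name = row.value["service_name"]
 found[service_name] = pairing_id, to_pull, to_push
 except KeyError, e:
- logging.warn("Skipping weird record. %s", e)
- # FIXME maybe we should log this or be more specific
 pass
 unique_hosts = [(v1, sn, v2, v3) for
 (sn), (v1, v2, v3) in found.items()]
@@ -184,7 +194,7 @@
 else:
 logging.debug("skipping record empty %s", key)
 else:
- logging.debug("skipping record %s with no %s", record.value, key)
+ logging.debug("skipping record %s with no %s", obsfuscate(record.value), key)
 logging.debug("found %d %s records", len(values), key)
 return values
 
@@ -206,7 +216,7 @@
 # Target databases must exist before replicating to them.
 logging.debug(
 "creating %r %s:%d %s", target_database, target_host,
- target_port, target_oauth)
+ target_port, obsfuscate(target_oauth))
 create_database(
 target_host, target_port, target_database, use_ssl=target_ssl,
 oauth_tokens=target_oauth)
@@ -215,7 +225,7 @@
 logging.debug("db exists, and we're ready to replicate")
 except:
 logging.exception("can't create/verify %r %s:%d oauth=%s",
- target_database, target_host, target_port, target_oauth)
+ target_database, target_host, target_port, obsfuscate(target_oauth))
 if source_host:
 source = mkuri(source_host, source_port, source_ssl, urllib.quote(
 source_database, safe=""))
@@ -243,19 +253,19 @@
 url = mkuri("localhost", port,)
 
 logging.debug(
- "asking %r to replicate %s to %s, using record %s", url, source, target,
- record)
+ "asking %r to replicate %s to %s", obsfuscate(url),
+ obsfuscate(source), obsfuscate(target),)
 
 ### All until python-couchdb gets a Server.replicate() function
 local_server = server.OAuthCapableServer(url)
 resp, data = local_server.resource.post(path='/_replicate',
 content=record)
 
- logging.debug("replicate result: %r %r", resp, data)
+ logging.debug("replicate result: %r %r", obsfuscate(resp), obsfuscate(data))
 ###
 except:
 logging.exception("can't replicate %r %r <== %r", source_database,
- url, obsfuscate(record))
+ url, obsfuscate(record))
 
 def get_pairings(uri=None):
 """Get a list of paired servers."""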
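Review bot: `obsfuscate` masks only dict values whose key ends in "secret" and returns every non-dict unchanged, so it never visits dicts nested inside a list, and `obsfuscate(url)` is a no-op because `url` is the string built by `mkuri` (the same holds for `source` and `target` whenever they are URI strings). `maybe_hide` also raises `TypeError` when a secret value is not iterable (for example `None`); two of the new calls sit inside `except:` handlers, where that would presumably displace the original error being logged. The function lies entirely inside this hunk and has no docstring; I would add one saying it returns a masked copy meant for logging only, and harden it as sketched below. Credentials embedded in a URI string (`mkuri` accepts `auth_pair`) would still need separate handling, which this sketch does not attempt.

```python
def obsfuscate(d):
    """Return a copy of d for logging, with values under keys ending in "secret" masked."""
    def maybe_hide(k, v):
        if hasattr(k, "endswith") and k.endswith("secret"):
            if not isinstance(v, basestring):
                # Non-string secret: mask it whole rather than raise from a log call.
                return "Hidden"
            return "".join(rep for rep, vi in zip(cycle('Hidden'), v))
        return v

    if isinstance(d, (list, tuple)):
        # Secrets may sit in dicts nested inside sequences.
        return [obsfuscate(item) for item in d]
    # ... unchanged: non-dict passthrough and the dict comprehension ...
```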
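--- a/desktopcouch/pair/tests/test_couchdb_io.py
+++ b/desktopcouch/pair/tests/test_couchdb_io.py
@@ -51,6 +51,18 @@
 del self.mgt_database._server['management']
 del self.mgt_database._server['foo']
 
+
+ def test_obsfuscation(self):
+ t = {'url': 'https://couchdb.one.ubuntu.com/u%2Fb2%2Fc8%2F276%2Ftest', 'auth': {'oauth': {'consumer_secret': 'SeCrEtSe', 'token': '3XRjQrWX92TTTJFDTWJJ', 'consumer_key': 'ubuntuone', 'token_secret': 'jBmSeCrEtawkefwklefliwuregqwlkeh347wq87w4fiuq4fyu3q4fiqwu4fqwfiqufM6xjsPwSeCrEt4'}}}
+ cleaned_t = couchdb_io.obsfuscate(t)
+ self.failIf("SeCrEt" in str(cleaned_t), {'url': 'https://couchdb.one.ubuntu.com/u%2Fb2%2Fc8%2F276%2Ftest', 'auth': {'oauth': {'consumer_secret': 'HiddenHidd', 'token': '3XRjQrWX92TTTJFDTWJJ', 'consumer_key': 'ubuntuone', 'token_secret': 'HiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHiddenHi'}}})
+
+ self.assertEqual(couchdb_io.obsfuscate(""), "")
+ self.assertEqual(couchdb_io.obsfuscate({}), {})
+ self.assertEqual(couchdb_io.obsfuscate({1:{}}), {1:{}})
+ self.assertEqual(couchdb_io.obsfuscate({1:1}), {1:1})
+
+
 def test_put_static_paired_service(self):
 service_name = "dummyfortest"
 oauth_data = {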
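Review bot: The expected dict in `test_obsfuscation` is passed as the `msg` argument of `failIf`, so it is never compared with `cleaned_t`; the test only proves that the substring "SeCrEt" is absent. That expected value also disagrees with the implementation: `'SeCrEtSe'` is 8 characters, so the mask would be `'HiddenHi'`, not `'HiddenHidd'`. I would assert the masked values directly, e.g. `self.assertEqual(cleaned_t['auth']['oauth']['consumer_secret'], 'HiddenHi')`, and add a check that non-secret entries such as `url` and `consumer_key` come back unchanged. A case with a non-string value under a `*secret` key would also pin down how the helper behaves on unexpected input. The test method lies fully inside this hunk.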
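--- a/desktopcouch/replication.py
+++ b/desktopcouch/replication.py
@@ -103,7 +103,7 @@
 # push caught exception back...
 except:
 # ... so that we log it here.
- logging.exception(
+ log.exception(
 "failed to unpair from other end.")
 continue
 else: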
