0001-errors-hide-credentials-in-urls-in-error-messages-34.patch

Lauréline Guérin, 10 octobre 2019 16:25

Voir les différences: en ligne côte à côte

Subject: [PATCH] errors: hide credentials in urls in error messages (#34793)

 passerelle/utils/log.py | 24 ++++++++++++++++++++++++
 tests/test_misc.py      | 34 +++++++++++++++++++++++++++++++---
 2 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 passerelle/utils/log.py

     from copy import copy
     import re
     from django.utils.log import AdminEmailHandler as DjangoAdminEmailHandler
     from django.utils.six.moves.urllib.parse import urlparse
     class AdminEmailHandler(DjangoAdminEmailHandler):
         def emit(self, record):
             record = copy(record)
             msg = record.getMessage()
             # hide credentials in urls
             for url in re.findall(r'(https?://\S+)', msg):
                 parsed = urlparse(url)
                 if not parsed.username and not parsed.password:
                     continue
                 replaced = parsed._replace(netloc="{}:{}@{}".format('***', '***', parsed.hostname))
                 msg = msg.replace(url, replaced.geturl())
             # replace record message
             record.msg = msg
             return super(AdminEmailHandler, self).emit(record)

     import datetime
     import logging
     import pytest
     from mock import patch
-...
     from passerelle.base.models import ResourceLog
     from passerelle.apps.opengis.models import OpenGIS
     from passerelle.apps.clicrdv.models import ClicRdv
     from passerelle.utils.log import AdminEmailHandler
     def test_get_description_url_fields(db):
-...
     @pytest.fixture
     def email_handler():
         import logging
         from django.utils.log import AdminEmailHandler
         root = logging.getLogger()
         handler = AdminEmailHandler(include_html=True)
         handler.level = logging.ERROR
-...
             assert len(mailoutbox) == 2
             assert mailoutbox[0].to == ['admin@example.net']
             assert mailoutbox[1].to == ['john.doe@example.net']
     @pytest.mark.parametrize('error_msg, expected', [
         ('GET http://tcl.example.net/tclpassagearret (=> 502)',
          'GET http://tcl.example.net/tclpassagearret (=> 502)'),
         ('GET https://tcl.example.net/tclpassagearret (=> 502)',
          'GET https://tcl.example.net/tclpassagearret (=> 502)'),
         ('GET http://username:password@tcl.example.net/tclpassagearret (=> 502)',
          'GET http://***:***@tcl.example.net/tclpassagearret (=> 502)'),
         ('GET https://username:password@tcl.example.net/tclpassagearret (=> 502)',
          'GET https://***:***@tcl.example.net/tclpassagearret (=> 502)'),
     ])
     def test_trace_emails_hide_credentials(settings, mailoutbox, error_msg, expected):
         logger = logging.getLogger('django')
         handler = AdminEmailHandler(include_html=True)
         settings.ADMINS = [('admin', 'admin@example.net')]
         record = logger.makeRecord(
             'name', logging.ERROR,
             'function', 'lno',
             error_msg,
             None, None)
         handler.emit(record)
         assert len(mailoutbox) == 1
         msg = mailoutbox[0]
         assert msg.to == ['admin@example.net']
         assert msg.subject == '[Django] ERROR: %s' % expected
         assert expected in msg.body
+    -

Projet

Général

Profil

Produits Entr'ouvert » Passerelle

0001-errors-hide-credentials-in-urls-in-error-messages-34.patch