Projet

Général

Profil

0001-logging-filter-out-http-403-messages-in-request-cont.patch

Paul Marillonnet, 16 septembre 2021 12:22

Télécharger (3,15 ko)

Voir les différences: 

Subject: [PATCH] logging: filter out http 403 messages in request context
 filter (#56711)


 hobo/logger.py                                   |  4 ++++
 hobo/test_urls.py                                |  3 +++
 tests_multitenant/test_request_context_filter.py | 16 ++++++++++++++++
 3 files changed, 23 insertions(+)
hobo/logger.py
54 54 

  		




  55
  55
  
    
        Inspired by django-log-request-id

  		




  56
  56
  
    
        """

  		




  
  57
  
    
        # remove http 403 records, already logged by uwsgi

  		




  
  58
  
    
        if hasattr(record, 'status_code') and record.status_code == 403:

  		




  
  59
  
    
            return False

  		




  
  60
  
    

  		




  57
  61
  
    
        # prevent multiple execution on the same record

  		




  58
  62
  
    
        if getattr(record, 'request_context', False):

  		




  59
  63
  
    
            return True

  		












  

    
      hobo/test_urls.py
    
  





  1
  1
  
    
import logging

  		




  2
  2
  
    

  		




  3
  3
  
    
from django.conf.urls import url

  		




  
  4
  
    
from django.core.exceptions import PermissionDenied

  		




  4
  5
  
    
from django.http import HttpResponse

  		




  5
  6
  
    

  		




  6
  7
  
    

  		




  ......




  8
  9
  
    
    logging.getLogger(__name__).error('wat!')

  		




  9
  10
  
    
    if 'raise' in request.GET:

  		




  10
  11
  
    
        raise Exception('wat!')

  		




  
  12
  
    
    if 'forbidden' in request.GET:

  		




  
  13
  
    
        raise PermissionDenied('forbidden access')

  		




  11
  14
  
    
    request.META['CSRF_COOKIE_USED'] = True

  		




  12
  15
  
    
    request.META['CSRF_COOKIE'] = 'xxx'

  		




  13
  16
  
    
    return HttpResponse('Hello world %s' % request.META['REMOTE_ADDR'])

  		












  

    
      tests_multitenant/test_request_context_filter.py
    
  





  3
  3
  
    
import pytest

  		




  4
  4
  
    
from _pytest.logging import LogCaptureHandler

  		




  5
  5
  
    
from django.contrib.auth.models import User

  		




  
  6
  
    
from django.test import override_settings

  		




  6
  7
  
    
from tenant_schemas.utils import tenant_context

  		




  7
  8
  
    

  		




  8
  9
  
    
from hobo.journal import JournalHandler

  		




  ......




  35
  36
  
    
            user.save()

  		




  36
  37
  
    
            user.saml_identifiers.create(name_id='ab' * 16, issuer='https://idp.example.com')

  		




  37
  38
  
    

  		




  
  39
  
    
    for tenant in tenants:

  		




  
  40
  
    
        settings.ALLOWED_HOSTS.append(tenant.domain_url)

  		




  
  41
  
    
        with override_settings(ROOT_URLCONF='hobo.test_urls'):

  		




  
  42
  
    
            client.get(

  		




  
  43
  
    
                '/?forbidden=123',

  		




  
  44
  
    
                SERVER_NAME=tenant.domain_url,

  		




  
  45
  
    
                HTTP_X_FORWARDED_FOR='99.99.99.99, 127.0.0.1',

  		




  
  46
  
    
            )

  		




  
  47
  
    
    records = [record for record in caplog.records]

  		




  
  48
  
    
    assert len(records) == 2  # on test_urls' "wat!" test error has been logged

  		




  
  49
  
    
    for record in records:

  		




  
  50
  
    
        assert not hasattr(record, 'status_code')  # hence no 403 logged

  		




  
  51
  
    
        assert record.msg != 'forbidden access'

  		




  
  52
  
    
    caplog.clear()

  		




  
  53
  
    

  		




  38
  54
  
    
    for tenant in tenants:

  		




  39
  55
  
    
        settings.ALLOWED_HOSTS.append(tenant.domain_url)

  		




  40
  56
  
    
        with tenant_context(tenant):

  		




  41
  
  
    
-