Merge pull request #3327 from t3chguy/redact_as_request_token
Strip `access_token` from outgoing requests
commit
e316407b5d
3 changed files with 18 additions and 9 deletions
|
@ -13,6 +13,8 @@
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
import re
|
||||||
|
|
||||||
from twisted.internet.defer import CancelledError
|
from twisted.internet.defer import CancelledError
|
||||||
from twisted.python import failure
|
from twisted.python import failure
|
||||||
|
|
||||||
|
@ -34,3 +36,14 @@ def cancelled_to_request_timed_out_error(value, timeout):
|
||||||
value.trap(CancelledError)
|
value.trap(CancelledError)
|
||||||
raise RequestTimedOutError()
|
raise RequestTimedOutError()
|
||||||
return value
|
return value
|
||||||
|
|
||||||
|
|
||||||
|
ACCESS_TOKEN_RE = re.compile(br'(\?.*access(_|%5[Ff])token=)[^&]*(.*)$')
|
||||||
|
|
||||||
|
|
||||||
|
def redact_uri(uri):
|
||||||
|
"""Strips access tokens from the uri replaces with <redacted>"""
|
||||||
|
return ACCESS_TOKEN_RE.sub(
|
||||||
|
br'\1<redacted>\3',
|
||||||
|
uri
|
||||||
|
)
|
||||||
|
|
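Review bot: `ACCESS_TOKEN_RE` redacts only the last `access_token` parameter in a URI, because the greedy `.*` in the first group runs to the final occurrence and the trailing `(.*)$` consumes the rest, so `sub` makes a single replacement and any earlier `access_token=` value stays in the log line. Matching each parameter on its own closes that gap: `ACCESS_TOKEN_RE = re.compile(br'([?&]access(?:_|%5[Ff])token=)[^&]*')` with the replacement `br'\1<redacted>'`. The pattern is also bytes-only, so `redact_uri` would raise `TypeError` if handed a text URI under Python 3. The docstring could state the expected type, e.g. `"""Replace the value of every access_token query parameter in uri (bytes) with <redacted>."""`.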
|
@ -19,7 +19,7 @@ from OpenSSL.SSL import VERIFY_NONE
|
||||||
from synapse.api.errors import (
|
from synapse.api.errors import (
|
||||||
CodeMessageException, MatrixCodeMessageException, SynapseError, Codes,
|
CodeMessageException, MatrixCodeMessageException, SynapseError, Codes,
|
||||||
)
|
)
|
||||||
from synapse.http import cancelled_to_request_timed_out_error
|
from synapse.http import cancelled_to_request_timed_out_error, redact_uri
|
||||||
from synapse.util.async import add_timeout_to_deferred
|
from synapse.util.async import add_timeout_to_deferred
|
||||||
from synapse.util.caches import CACHE_SIZE_FACTOR
|
from synapse.util.caches import CACHE_SIZE_FACTOR
|
||||||
from synapse.util.logcontext import make_deferred_yieldable
|
from synapse.util.logcontext import make_deferred_yieldable
|
||||||
|
@ -90,7 +90,8 @@ class SimpleHttpClient(object):
|
||||||
# counters to it
|
# counters to it
|
||||||
outgoing_requests_counter.labels(method).inc()
|
outgoing_requests_counter.labels(method).inc()
|
||||||
|
|
||||||
logger.info("Sending request %s %s", method, uri)
|
# log request but strip `access_token` (AS requests for example include this)
|
||||||
|
logger.info("Sending request %s %s", method, redact_uri(uri))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
request_deferred = self.agent.request(
|
request_deferred = self.agent.request(
|
||||||
|
|
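Review bot: Only the "Sending request" log line is passed through `redact_uri`. The request method continues outside this hunk, so any later log call there that formats `uri` (for example on the response or error path) would still write the token and should be checked and wrapped the same way, e.g. `method, redact_uri(uri), ...`. Because `redact_uri` uses a bytes pattern, it is also worth confirming that `uri` is always bytes at this point. If a text string can arrive here under Python 3, the new log line would raise before the request is sent.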
|
@ -14,18 +14,16 @@
|
||||||
|
|
||||||
import contextlib
|
import contextlib
|
||||||
import logging
|
import logging
|
||||||
import re
|
|
||||||
import time
|
import time
|
||||||
|
|
||||||
from twisted.web.server import Site, Request
|
from twisted.web.server import Site, Request
|
||||||
|
|
||||||
|
from synapse.http import redact_uri
|
||||||
from synapse.http.request_metrics import RequestMetrics
|
from synapse.http.request_metrics import RequestMetrics
|
||||||
from synapse.util.logcontext import LoggingContext
|
from synapse.util.logcontext import LoggingContext
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
ACCESS_TOKEN_RE = re.compile(br'(\?.*access(_|%5[Ff])token=)[^&]*(.*)$')
|
|
||||||
|
|
||||||
_next_request_seq = 0
|
_next_request_seq = 0
|
||||||
|
|
||||||
|
|
||||||
|
@ -69,10 +67,7 @@ class SynapseRequest(Request):
|
||||||
return "%s-%i" % (self.method, self.request_seq)
|
return "%s-%i" % (self.method, self.request_seq)
|
||||||
|
|
||||||
def get_redacted_uri(self):
|
def get_redacted_uri(self):
|
||||||
return ACCESS_TOKEN_RE.sub(
|
return redact_uri(self.uri)
|
||||||
br'\1<redacted>\3',
|
|
||||||
self.uri
|
|
||||||
)
|
|
||||||
|
|
||||||
def get_user_agent(self):
|
def get_user_agent(self):
|
||||||
return self.requestHeaders.getRawHeaders(b"User-Agent", [None])[-1]
|
return self.requestHeaders.getRawHeaders(b"User-Agent", [None])[-1]
|
||||||
|
|
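Review bot: `get_redacted_uri` has no docstring saying that it returns the form of the URI intended for log output. Something like `"""Return self.uri with any access_token value replaced by <redacted>; use this instead of self.uri when logging."""` would make the contract clear now that the implementation lives in `synapse.http`. The class body continues outside the hunk.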