diff options
author | Lokesh S <lokesh.s@hp.com> | 2016-03-29 10:11:35 +0000 |
---|---|---|
committer | Rawlin Peters <rawlin.peters@hpe.com> | 2016-04-04 17:21:09 -0600 |
commit | 1575d92ba5be356e34df34513675299198074c95 (patch) | |
tree | 06318dc1fd3264b5cffac453e139b0a6e8b34879 | |
parent | c1701c1d289beed3710b17653e386bb3fbffb0c7 (diff) | |
download | python-neutronclient-1575d92ba5be356e34df34513675299198074c95.tar.gz |
Log SHA1 hash of X-Auth-Token value
Remove logging of sensitive information like the
token value from X-Auth-Token. Instead log the sha1
hash of the token value, prefixed with '{SHA1}'.
Conflicts:
neutronclient/common/utils.py
Closes-Bug: #1367339
Change-Id: I72d2ff5ca569c942aa6896aeadab489ff0097255
(cherry picked from commit d8fa792ee720e7877fa371e69633546b752e73da)
-rw-r--r-- | neutronclient/common/utils.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/neutronclient/common/utils.py b/neutronclient/common/utils.py index dc5f7d6..27c2de2 100644 --- a/neutronclient/common/utils.py +++ b/neutronclient/common/utils.py @@ -18,6 +18,7 @@ """Utilities and helper functions.""" import argparse +import hashlib import logging import netaddr import os @@ -29,6 +30,8 @@ import six from neutronclient.common import exceptions from neutronclient.i18n import _ +SENSITIVE_HEADERS = ('X-Auth-Token',) + def env(*vars, **kwargs): """Returns the first environment variable set. @@ -127,8 +130,13 @@ def http_log_req(_logger, args, kwargs): else: string_parts.append(' %s' % element) - for element in kwargs['headers']: - header = ' -H "%s: %s"' % (element, kwargs['headers'][element]) + for (key, value) in six.iteritems(kwargs['headers']): + if key in SENSITIVE_HEADERS: + v = value.encode('utf-8') + h = hashlib.sha1(v) + d = h.hexdigest() + value = "{SHA1}%s" % d + header = ' -H "%s: %s"' % (key, value) string_parts.append(header) if 'body' in kwargs and kwargs['body']: |