From ad96143ee092e77dc8c912bdeedef1e79a1eda38 Mon Sep 17 00:00:00 2001
From: Ivan Habunek
Date: Mon, 11 May 2020 12:46:27 +0200
Subject: [PATCH] Censor authorization header value in logs
---
 toot/logging.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/toot/logging.py b/toot/logging.py
index 4b72338..9730cca 100644
--- a/toot/logging.py
+++ b/toot/logging.py
@@ -3,11 +3,21 @@ from logging import getLogger
 logger = getLogger('toot')
+def censor_secrets(headers):
+ def _censor(k, v):
+ if k == "Authorization":
+ return (k, "***CENSORED***")
+ return k, v
+
+ return {_censor(k, v) for k, v in headers.items()}
+
+
 def log_request(request):
 logger.debug(">>> \033[32m{} {}\033[0m".format(request.method, request.url))
 if request.headers:
- logger.debug(">>> HEADERS: \033[33m{}\033[0m".format(request.headers))
+ headers = censor_secrets(request.headers)
+ logger.debug(">>> HEADERS: \033[33m{}\033[0m".format(headers))
 if request.data:
 logger.debug(">>> DATA: \033[33m{}\033[0m".format(request.data))
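Review bot: The comparison `k == "Authorization"` in `_censor` is case-sensitive, so a header supplied as `authorization` or `AUTHORIZATION` (HTTP header names are case-insensitive) would still reach the debug log with its token intact. `censor_secrets` also returns a set of tuples rather than a dict, because `{_censor(k, v) for k, v in headers.items()}` is a set comprehension; the logged headers lose their mapping form and ordering. Both points are covered by `return {k: ("***CENSORED***" if k.lower() == "authorization" else v) for k, v in headers.items()}`. Separately, `request.data` is still logged verbatim in the context lines after the change; if it can carry a password or client secret, it probably needs the same treatment.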