Try to not leak sensitive headers when logging HTTP errors

fiaas · Jan 19, 2018 · f478856 · f478856
1 parent 9df3073
commit f478856
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 2 deletions.
diff --git a/k8s/client.py b/k8s/client.py
@@ -9,10 +9,38 @@
 
 from . import config
 
-DEFAULT_TIMEOUT_SECONDS = 10
 LOG = logging.getLogger(__name__)
 LOG.addHandler(logging.NullHandler())
 
+DEFAULT_TIMEOUT_SECONDS = 10
+SENSITIVE_HEADERS = {
+    # Wordlist lifted from https://github.com/google/har-sanitizer/blob/master/harsanitizer/static/wordlist.json
+    "state",
+    "shdf",
+    "usg",
+    "password",
+    "email",
+    "code",
+    "code_verifier",
+    "client_secret",
+    "client_id",
+    "token",
+    "access_token",
+    "authenticity_token",
+    "id_token",
+    "appid",
+    "challenge",
+    "facetid",
+    "assertion",
+    "fcparams",
+    "serverdata",
+    "authorization",
+    "auth",
+    "x-client-data",
+    "samlrequest",
+    "samlresponse"
+}
+
 
 class K8sClientException(RequestException):
     pass
@@ -125,4 +153,6 @@ def _add_request(message, request):
     @staticmethod
     def _add_headers(message, headers, prefix):
         for key, value in headers.items():
+            if key.lower() in SENSITIVE_HEADERS:
+                value = "#REDACTED#"
             message.append("{} {}: {}".format(prefix, key, value))
diff --git a/tests/k8s/test_client.py b/tests/k8s/test_client.py
@@ -4,9 +4,9 @@
 import mock
 import pytest
 
-from k8s.client import Client, DEFAULT_TIMEOUT_SECONDS
 from k8s import config
 from k8s.base import Model, Field
+from k8s.client import Client, DEFAULT_TIMEOUT_SECONDS
 
 
 @pytest.mark.usefixtures("k8s_config")
@@ -96,6 +96,17 @@ def test_watch_list(self, session):
             "GET", _absolute_url("/watch/example"), json=None, timeout=None, stream=True
         )
 
+    @pytest.mark.parametrize("key", (
+            "client_id",
+            "authorization"
+    ))
+    def test_redacts_sensitive_headers(self, key):
+        message = []
+        sensitive_value = "super sensitive data that should not be exposed"
+        Client._add_headers(message, {key: sensitive_value}, "")
+        text = "".join(message)
+        assert sensitive_value not in text
+
 
 def _absolute_url(url):
     return config.api_server + url