From f47885616e578d3c8963a749f3175b54a9c7d7c9 Mon Sep 17 00:00:00 2001
From: Morten Lied Johansen
Date: Fri, 19 Jan 2018 12:57:37 +0100
Subject: [PATCH] Try to not leak sensitive headers when logging HTTP errors
---
 k8s/client.py | 32 +++++++++++++++++++++++++++++++-
 tests/k8s/test_client.py | 13 ++++++++++++-
 2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/k8s/client.py b/k8s/client.py
index 21d83fc..99c0c7c 100644
--- a/k8s/client.py
+++ b/k8s/client.py
@@ -9,10 +9,38 @@ from . import config
-DEFAULT_TIMEOUT_SECONDS = 10
 LOG = logging.getLogger(__name__)
 LOG.addHandler(logging.NullHandler())
+DEFAULT_TIMEOUT_SECONDS = 10
+SENSITIVE_HEADERS = {
+ # Wordlist lifted from https://github.com/google/har-sanitizer/blob/master/harsanitizer/static/wordlist.json
+ "state",
+ "shdf",
+ "usg",
+ "password",
+ "email",
+ "code",
+ "code_verifier",
+ "client_secret",
+ "client_id",
+ "token",
+ "access_token",
+ "authenticity_token",
+ "id_token",
+ "appid",
+ "challenge",
+ "facetid",
+ "assertion",
+ "fcparams",
+ "serverdata",
+ "authorization",
+ "auth",
+ "x-client-data",
+ "samlrequest",
+ "samlresponse"
+}
+
 class K8sClientException(RequestException):
 pass
@@ -125,4 +153,6 @@ def _add_request(message, request):
 @staticmethod
 def _add_headers(message, headers, prefix):
 for key, value in headers.items():
+ if key.lower() in SENSITIVE_HEADERS:
+ value = "#REDACTED#"
 message.append("{} {}: {}".format(prefix, key, value))
diff --git a/tests/k8s/test_client.py b/tests/k8s/test_client.py
index 00ad1bb..3ce30b5 100644
--- a/tests/k8s/test_client.py
+++ b/tests/k8s/test_client.py
@@ -4,9 +4,9 @@ import mock
 import pytest
-from k8s.client import Client, DEFAULT_TIMEOUT_SECONDS
 from k8s import config
 from k8s.base import Model, Field
+from k8s.client import Client, DEFAULT_TIMEOUT_SECONDS
 @pytest.mark.usefixtures("k8s_config")
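Review bot: `SENSITIVE_HEADERS` is only ever compared against HTTP header names (via `key.lower()` in `_add_headers`), yet most of the lifted HAR-sanitizer wordlist (`password`, `email`, `code`, `state`, `token`, `client_secret`, …) consists of query/form parameter names that rarely appear as header names, while the common credential-carrying headers `Cookie`, `Set-Cookie` and `Proxy-Authorization` are not in the set. Consider adding `"cookie", "set-cookie", "proxy-authorization",` and a comment next to the wordlist URL stating the contract, e.g. `# Entries must be lowercase; matched against lower-cased header names in _add_headers`. Since the same set drives the check in the `_add_headers` hunk below, extending it here covers that hunk as well.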
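Review bot: `_add_headers` gains a redaction branch but has no docstring, so the contract is only visible by reading the loop; a one-liner such as `"""Append one "<prefix> <key>: <value>" line per header, replacing the value with "#REDACTED#" when the lower-cased key is in SENSITIVE_HEADERS."""` would document it. The hunk header shows `_add_request(message, request)` also assembling the message; if that method appends the URL or body, the same credentials could still be logged unredacted, which is worth checking since that code lies outside this hunk. Pulling `"#REDACTED#"` into a module-level constant would also let the test assert on the exact replacement rather than only on the absence of the secret.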
@@ -96,6 +96,17 @@ def test_watch_list(self, session):
 "GET", _absolute_url("/watch/example"), json=None, timeout=None, stream=True
 )
+ @pytest.mark.parametrize("key", (
+ "client_id",
+ "authorization"
+ ))
+ def test_redacts_sensitive_headers(self, key):
+ message = []
+ sensitive_value = "super sensitive data that should not be exposed"
+ Client._add_headers(message, {key: sensitive_value}, "")
+ text = "".join(message)
+ assert sensitive_value not in text
+
 def _absolute_url(url):
 return config.api_server + url
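Review bot: Both parametrized keys in `test_redacts_sensitive_headers` are already lowercase, so the `key.lower()` normalisation that the redaction depends on is never exercised; add a mixed-case entry such as `"Authorization"` to the tuple. The test also asserts only that the value is gone, so a regression that dropped the whole header line would still pass — adding `assert key in text` pins down that the header name is kept and only the value is redacted.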