Merge pull request #477 from matrix-org/erikj/access_token_log

Don't log urlencoded access_tokens
matrix-org · Jan 19, 2016 · 7a079ad · 7a079ad
2 parents b8518ff + 44b4fc5
commit 7a079ad
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
@@ -88,6 +88,9 @@
 logger = logging.getLogger("synapse.app.homeserver")
 
 
+ACCESS_TOKEN_RE = re.compile(r'(\?.*access(_|%5[Ff])token=)[^&]*(.*)$')
+
+
 def gz_wrap(r):
     return EncodingResourceWrapper(r, [GzipEncoderFactory()])
 
@@ -495,9 +498,8 @@ def __repr__(self):
         )
 
     def get_redacted_uri(self):
-        return re.sub(
-            r'(\?.*access_token=)[^&]*(.*)$',
-            r'\1<redacted>\2',
+        return ACCESS_TOKEN_RE.sub(
+            r'\1<redacted>\3',
             self.uri
         )