From 8f8b884430d29e30688becf4bc38e48014a25851 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 8 Jan 2016 17:48:08 +0000 Subject: [PATCH 1/2] Don't log urlencoded access_tokens --- synapse/app/homeserver.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index 58a4c812f6b1..bafac884a373 100755 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -496,8 +496,8 @@ def __repr__(self): def get_redacted_uri(self): return re.sub( - r'(\?.*access_token=)[^&]*(.*)$', - r'\1\2', + r'(\?.*accesss(_|%5[Ff])token=)[^&]*(.*)$', + r'\1\3', self.uri ) From 44b4fc5f50e9e77ec43e34b71041abdb272c6dea Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 13 Jan 2016 11:47:32 +0000 Subject: [PATCH 2/2] Use compiled regex --- synapse/app/homeserver.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index bafac884a373..6928d9d3e438 100755 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -88,6 +88,9 @@ logger = logging.getLogger("synapse.app.homeserver") +ACCESS_TOKEN_RE = re.compile(r'(\?.*access(_|%5[Ff])token=)[^&]*(.*)$') + + def gz_wrap(r): return EncodingResourceWrapper(r, [GzipEncoderFactory()]) @@ -495,8 +498,7 @@ def __repr__(self): ) def get_redacted_uri(self): - return re.sub( - r'(\?.*accesss(_|%5[Ff])token=)[^&]*(.*)$', + return ACCESS_TOKEN_RE.sub( r'\1\3', self.uri )