Strip access_token from outgoing requests

[t3chguy]

Fixes #2396

Signed-off-by: Michael Telatynski [email protected]

[turt2live]

How does this differ from #3230 ?

[t3chguy]

@turt2live this doesn't apply a regex to every line being logged, only applies regex to the URIs being logged from outgoing requests
The other PR would run two regexes;
one fixed one to strip access tokens from incoming reqs,
one configurable one to strip them from every log line.

Also: #3230 (comment)

[richvdh]

looks sensible in principle, but please could we export a redact_uri function from synapse.http (not site) and use that in both locations, rather than C&Ping the re.sub code?

[richvdh]

\o/

[turt2live]

There's still a few missed cases:

Errors:

2018-06-05 23:17:07,996 - synapse.http.client - 116 - INFO - - Error sending request to  PUT http://172.16.0.11:8184/_matrix/appservice/r0/transactions/1?access_token=ManuallyRedcated: TimeoutError

During startup the hs_token and as_token are leaked:

2018-06-05 23:18:46,627 - synapse.config.appservice - 80 - INFO - None- Loaded application service: ApplicationService: {'sender': '@_xyz:dev.t2bot.io', 'server_name': 'dev.t2bot.io', 'url': 'http://172.16.0.11:9005', 'rate_limited': True, 'id': '836ce04b44dd2358a2bf977364139eb3e6cf8e363a3374fcf062bddfcc30c5d52', 'token': 'ManuallyRedcated', 'namespaces': {'aliases': [{'regex': <_sre.SRE_Pattern object at 0x7ff7d9c07570>, 'exclusive': True}], 'rooms': [], 'users': [{'regex': <_sre.SRE_Pattern object at 0x7ff7d9c07490>, 'exclusive': True, 'group_id': '+.xyz:dev.t2bot.io'}]}, 'hs_token': 'ManuallyRedcated', 'protocols': set([])}

[turt2live]

and:

2018-06-05 23:27:30,871 - synapse.http.client - 109 - INFO - - Received response to  PUT https://REDACTED/transactions/1?access_token=REDACTED: 410

[t3chguy]

fixing this now @turt2live