diff options
author | Jamie Lennox <jamielennox@gmail.com> | 2016-09-28 15:03:53 +1000 |
---|---|---|
committer | Jeremy Stanley <fungi@yuggoth.org> | 2017-01-26 18:25:45 +0000 |
commit | 6c0f50c1f5f4122b31dbfe25aacdce596bf4b648 (patch) | |
tree | 929e623a758807e52f697c89f47ea41f16bb2115 /oslo_middleware/tests/test_catch_errors.py | |
parent | 5b6a04b48354f50baa58112a06e1ede84f00df1a (diff) | |
download | oslo-middleware-6c0f50c1f5f4122b31dbfe25aacdce596bf4b648.tar.gz |
Filter token data out of catch_errors middlewarenewton-eol3.19.1stable/newton
If an exception is caught by the catch_errors middleware the entire
request is dumped into the log including sensitive information like
tokens. Filter that information before outputting the failed request.
Closes-Bug: #1628031
Change-Id: I2563403993513c37751576223275350cac2e0937
Diffstat (limited to 'oslo_middleware/tests/test_catch_errors.py')
-rw-r--r-- | oslo_middleware/tests/test_catch_errors.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py index 920bbe2..0b675e2 100644 --- a/oslo_middleware/tests/test_catch_errors.py +++ b/oslo_middleware/tests/test_catch_errors.py @@ -13,6 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. +import fixtures import mock from oslotest import base as test_base import webob.dec @@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase): self._test_has_request_id(application, webob.exc.HTTPInternalServerError.code) self.assertEqual(1, log_exc.call_count) + + def test_filter_tokens_from_log(self): + logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False)) + + @webob.dec.wsgify + def application(req): + raise Exception() + + app = catch_errors.CatchErrors(application) + req = webob.Request.blank('/test', + text=u'test data', + method='POST', + headers={'X-Auth-Token': 'secret1', + 'X-Service-Token': 'secret2', + 'X-Other-Token': 'secret3'}) + res = req.get_response(app) + self.assertEqual(500, res.status_int) + + output = logger.output + + self.assertIn('X-Auth-Token: <removed>', output) + self.assertIn('X-Service-Token: <removed>', output) + self.assertIn('X-Other-Token: <removed>', output) + self.assertIn('test data', output) |