diff options
| author | Matthew Oliver <matt@oliver.net.au> | 2022-02-03 16:29:53 +1100 |
|---|---|---|
| committer | Alistair Coles <alistairncoles@gmail.com> | 2022-02-09 10:53:46 +0000 |
| commit | f2c279bae94689e2062beb6d0030d168a0b4cbdf (patch) | |
| tree | 7b3d56149b30b96280a4db12e1c8cb859946cc42 /doc | |
| parent | 57f17ace7c911b80587a03634346478b6ca432e8 (diff) | |
| download | swift-f2c279bae94689e2062beb6d0030d168a0b4cbdf.tar.gz | |
Trim sensitive information in the logs (CVE-2017-8761)
Several headers and query params were previously revealed in logs but
are now redacted:
* X-Auth-Token header (previously redacted in the {auth_token} field,
but not the {headers} field)
* temp_url_sig query param (used by tempurl middleware)
* Authorization header and X-Amz-Signature and Signature query
parameters (used by s3api middleware)
This patch adds some new middleware helper methods to track headers and
query parameters that should be redacted by proxy-logging. While
instantiating the middleware, authors can call either:
register_sensitive_header('case-insensitive-header-name')
register_sensitive_param('case-sensitive-query-param-name')
to add items that should be redacted. The redaction uses proxy-logging's
existing reveal_sensitive_prefix config option to determine how much to
reveal.
Note that query params will still be logged in their entirety if
eventlet_debug is enabled.
UpgradeImpact
=============
The reveal_sensitive_prefix config option now applies to more items;
operators should review their currently-configured value to ensure it
is appropriate for these new contexts. In particular, operators should
consider reducing the value if it is more than 20 or so, even if that
previously offered sufficient protection for auth tokens.
Co-Authored-By: Tim Burke <tim.burke@gmail.com>
Closes-Bug: #1685798
Change-Id: I88b8cfd30292325e0870029058da6fb38026ae1a
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/source/development_middleware.rst | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/source/development_middleware.rst b/doc/source/development_middleware.rst index 24d6fb7c7..1f7e9e369 100644 --- a/doc/source/development_middleware.rst +++ b/doc/source/development_middleware.rst @@ -178,13 +178,25 @@ Middleware may advertize its availability and capabilities via Swift's :ref:`discoverability` support by using :func:`.register_swift_info`:: - from swift.common.utils import register_swift_info + from swift.common.registry import register_swift_info def webhook_factory(global_conf, **local_conf): register_swift_info('webhook') def webhook_filter(app): return WebhookMiddleware(app) return webhook_filter +If a middleware handles sensitive information in headers or query parameters +that may need redaction when logging, use the :func:`.register_sensitive_header` +and :func:`.register_sensitive_param` functions. This should be done in the +filter factory:: + + from swift.common.registry import register_sensitive_header + def webhook_factory(global_conf, **local_conf): + register_sensitive_header('webhook-api-key') + def webhook_filter(app): + return WebhookMiddleware(app) + return webhook_filter + -------------- Swift Metadata |