authorBrendan McCollam <bmccollam@uchicago.edu>2016-04-25 12:11:04 -0500
committerBrendan McCollam <bmccollam@uchicago.edu>2016-04-25 12:24:14 -0500
commit28f5b265f782d07e6052f2e2be49d4b0e7208188 (patch)
tree175faefdbe6612b4379421a325ea5a47ff3662f9 /oauthlib/common.py
parentfecf37b624c14c89a3ee15bb205b51b05575fc2e (diff)
Better sanitizing for common.Request.__repr__
Diffstat (limited to 'oauthlib/common.py')
-rw-r--r--oauthlib/common.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/oauthlib/common.py b/oauthlib/common.py
index df8b8d9..7d7da9c 100644
--- a/oauthlib/common.py
+++ b/oauthlib/common.py
@@ -36,7 +36,7 @@ UNICODE_ASCII_CHARACTER_SET = ('abcdefghijklmnopqrstuvwxyz'
CLIENT_ID_CHARACTER_SET = (r' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMN'
'OPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}')
-PASSWORD_PATTERN = re.compile(r'password=[^&]+')
+SANITIZE_PATTERN = re.compile(r'([^&;]*(?:password|token)[^=]*=)[^&;]+', re.IGNORECASE)
INVALID_HEX_PATTERN = re.compile(r'%[^0-9A-Fa-f]|%[0-9A-Fa-f][^0-9A-Fa-f]')
always_safe = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ'
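Review bot: SANITIZE_PATTERN masks only parameters whose name contains `password` or `token`, so a credential-bearing form field such as `client_secret` would still be printed by `Request.__repr__`; an authorization `code` in the body is likewise untouched. In addition, `[^=]*` after the keyword can run across `&`, so a value that merely contains "token" (for example `foo=mytoken&bar=baz`) causes the following parameter to be masked and group 1 to span two parameters. Both are addressed by `SANITIZE_PATTERN = re.compile(r'([^&;]*(?:password|token|secret)[^=&;]*=)[^&;]+', re.IGNORECASE)`. A short comment above the constant listing which key names are treated as secret would make future additions easier to review.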
@@ -411,10 +411,13 @@ class Request(object):
def __repr__(self):
body = self.body
- if body and 'password=' in body:
- body = PASSWORD_PATTERN.sub('password=***', body)
+ headers = self.headers.copy()
+ if body:
+ body = SANITIZE_PATTERN.sub('\1<SANITIZED>', body)
+ if 'Authorization' in headers:
+ headers['Authorization'] = '<SANITIZED>'
return '<oauthlib.Request url="%s", http_method="%s", headers="%s", body="%s">' % (
- self.uri, self.http_method, self.headers, body)
+ self.uri, self.http_method, headers, body)
@property
def uri_query(self):
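Review bot: The replacement string in `SANITIZE_PATTERN.sub('\1<SANITIZED>', body)` has no `r` prefix, so Python reads `\1` as the octal escape for the control character U+0001 rather than as a backreference to group 1. The secret value is still removed, but the parameter name is replaced by a stray control byte in the log output; `body = SANITIZE_PATTERN.sub(r'\1<SANITIZED>', body)` keeps the key as intended. Separately, `self.uri` still goes into the repr unchanged, so a token or password carried in the query string would be printed. Whether `'Authorization' in headers` also matches other capitalisations depends on the type that `self.headers.copy()` returns, which this hunk does not show; a test with a lower-case `authorization` header would settle it.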