Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Censor API token from logging data #239

Open
fisher60 opened this issue Oct 6, 2022 · 2 comments
Open

Censor API token from logging data #239

fisher60 opened this issue Oct 6, 2022 · 2 comments
Labels
good first issue Good for newcomers Hacktoberfest help wanted Extra attention is needed priority: high Features with higher priority

Comments

@fisher60
Copy link
Owner

fisher60 commented Oct 6, 2022
edited
Loading

Summary

Login requests to the Friendo API are being removed from logging as a hotfix. We would still like to log these requests, but with the token censored.

friendo-bot/bot/graphql.py

Lines 11 to 16 in def1d8e

class LoginTokenLoggingFilter(logging.Filter):
"""Logging filter to remove api token from logging for friendo api requests."""
def filter(self, record: logging.LogRecord) -> bool:
"""Returns False if login token is in logging record."""
return "token" not in record.getMessage()

@fisher60 fisher60 added help wanted Extra attention is needed good first issue Good for newcomers priority: immediate Must be implemented immediately Hacktoberfest security Any change related to security labels Oct 6, 2022
@fisher60
Copy link
Owner Author

fisher60 commented Oct 6, 2022
edited by Xithrius
Loading

The current response looks like this

{
    "data": {
        "login": {
            "token": "big_bad_token_leak_here_needs_to_be_cleansed/removed"
        }
    }
}

@fisher60 fisher60 self-assigned this Oct 8, 2022
@fisher60 fisher60 mentioned this issue Oct 8, 2022
Merged
@fisher60 fisher60 removed their assignment Oct 22, 2022
@fisher60 fisher60 added priority: high Features with higher priority and removed priority: immediate Must be implemented immediately security Any change related to security labels Oct 22, 2022
@fisher60
Copy link
Owner Author

Hotfix applied in #252

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers Hacktoberfest help wanted Extra attention is needed priority: high Features with higher priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fisher60