External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-28 16:28:43 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #310 from ryanpetrello/fix-7476

Browse Source 
properly sanitize conf.settings debug logs
This commit is contained in:
Ryan Petrello
2017-08-21 11:18:13 -04:00
committed by GitHub
parent 49aa43f8e4 0b68ad9b10
commit b5903ab7f4
1 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
awx/conf/settings.py
View File

@@ -69,6 +69,12 @@ def _log_database_error():
pass pass
def filter_sensitive(registry, key, value):
if registry.is_setting_encrypted(key):
return '$encrypted$'
return value
class EncryptedCacheProxy(object): class EncryptedCacheProxy(object):
def __init__(self, cache, registry, encrypter=None, decrypter=None): def __init__(self, cache, registry, encrypter=None, decrypter=None):
@@ -105,9 +111,13 @@ class EncryptedCacheProxy(object):
six.text_type(value) six.text_type(value)
except UnicodeDecodeError: except UnicodeDecodeError:
value = value.decode('utf-8') value = value.decode('utf-8')
logger.debug('cache get(%r, %r) -> %r', key, empty, filter_sensitive(self.registry, key, value))
return value return value
def set(self, key, value, **kwargs): def set(self, key, value, log=True, **kwargs):
if log is True:
logger.debug('cache set(%r, %r, %r)', key, filter_sensitive(self.registry, key, value),
SETTING_CACHE_TIMEOUT)
self.cache.set( self.cache.set(
key, key,
self._handle_encryption(self.encrypter, key, value), self._handle_encryption(self.encrypter, key, value),
@@ -115,8 +125,13 @@ class EncryptedCacheProxy(object):
) )
def set_many(self, data, **kwargs): def set_many(self, data, **kwargs):
filtered_data = dict(
(key, filter_sensitive(self.registry, key, value))
for key, value in data.items()
)
logger.debug('cache set_many(%r, %r)', filtered_data, SETTING_CACHE_TIMEOUT)
for key, value in data.items(): for key, value in data.items():
self.set(key, value, **kwargs) self.set(key, value, log=False, **kwargs)
def _handle_encryption(self, method, key, value): def _handle_encryption(self, method, key, value):
TransientSetting = namedtuple('TransientSetting', ['pk', 'value']) TransientSetting = namedtuple('TransientSetting', ['pk', 'value'])
@@ -277,7 +292,6 @@ class SettingsWrapper(UserSettingsHolder):
logger.debug('Saving id in cache for encrypted setting %s', k) logger.debug('Saving id in cache for encrypted setting %s', k)
self.cache.set(Setting.get_cache_id_key(k), id_val) self.cache.set(Setting.get_cache_id_key(k), id_val)
settings_to_cache['_awx_conf_preload_expires'] = self._awx_conf_preload_expires settings_to_cache['_awx_conf_preload_expires'] = self._awx_conf_preload_expires
logger.debug('cache set_many(%r, %r)', settings_to_cache, SETTING_CACHE_TIMEOUT)
self.cache.set_many(settings_to_cache, timeout=SETTING_CACHE_TIMEOUT) self.cache.set_many(settings_to_cache, timeout=SETTING_CACHE_TIMEOUT)
def _get_local(self, name): def _get_local(self, name):
@@ -287,7 +301,6 @@ class SettingsWrapper(UserSettingsHolder):
cache_value = self.cache.get(cache_key, default=empty) cache_value = self.cache.get(cache_key, default=empty)
except ValueError: except ValueError:
cache_value = empty cache_value = empty
logger.debug('cache get(%r, %r) -> %r', cache_key, empty, cache_value)
if cache_value == SETTING_CACHE_NOTSET: if cache_value == SETTING_CACHE_NOTSET:
value = empty value = empty
elif cache_value == SETTING_CACHE_NONE: elif cache_value == SETTING_CACHE_NONE:
@@ -326,9 +339,6 @@ class SettingsWrapper(UserSettingsHolder):
if value is None and SETTING_CACHE_NOTSET == SETTING_CACHE_NONE: if value is None and SETTING_CACHE_NOTSET == SETTING_CACHE_NONE:
value = SETTING_CACHE_NOTSET value = SETTING_CACHE_NOTSET
if cache_value != value: if cache_value != value:
logger.debug('cache set(%r, %r, %r)', cache_key,
get_cache_value(value),
SETTING_CACHE_TIMEOUT)
if setting_id: if setting_id:
logger.debug('Saving id in cache for encrypted setting %s', cache_key) logger.debug('Saving id in cache for encrypted setting %s', cache_key)
self.cache.set(Setting.get_cache_id_key(cache_key), setting_id) self.cache.set(Setting.get_cache_id_key(cache_key), setting_id)