Merge pull request #35 from cloudblue/LITE-22290

LITE-22290: Obfuscate Authorization header

Author: ffaraoneim

connect/client/logger.py

@@ -6,6 +6,12 @@ class RequestLogger:
     def __init__(self, file=sys.stdout):
         self._file = file
 
+    def obfuscate(self, value):
+        if value.startswith('ApiKey SU-'):
+            return value.split(':')[0] + '*' * 10
+        else:
+            return '*' * 20
+
     def log_request(self, method, url, kwargs):
         other_args = {k: v for k, v in kwargs.items() if k not in ('headers', 'json', 'params')}
 
@@ -20,6 +26,8 @@ def log_request(self, method, url, kwargs):
 
         if 'headers' in kwargs:
             for k, v in kwargs['headers'].items():
+                if k == 'Authorization':
+                    v = self.obfuscate(v)
                 lines.append(f'{k}: {v}')
 
         if 'json' in kwargs:

tests/client/test_logger.py

@@ -20,9 +20,27 @@ def test_log_request():
 
     ios.truncate(0)
     ios.seek(0, 0)
-    rl.log_request('get', PATH1, {'headers': {'Auth': 'None', 'Cookie': 'XXX'}})
+    rl.log_request(
+        'get',
+        PATH1,
+        {'headers': {'Auth': 'None', 'Cookie': 'XXX', 'Authorization': 'ApiKey SU-XXXX:YYYYY'}},
+    )
     assert ios.getvalue() == LOG_REQUEST_HEADER + 'GET ' + PATH1 + ' \n' + """Auth: None
 Cookie: XXX
+Authorization: ApiKey SU-XXXX**********
+
+"""
+
+    ios.truncate(0)
+    ios.seek(0, 0)
+    rl.log_request(
+        'get',
+        PATH1,
+        {'headers': {'Auth': 'None', 'Cookie': 'XXX', 'Authorization': 'SecretToken'}},
+    )
+    assert ios.getvalue() == LOG_REQUEST_HEADER + 'GET ' + PATH1 + ' \n' + """Auth: None
+Cookie: XXX
+Authorization: ********************
 
 """
 
@@ -52,7 +70,7 @@ def test_log_request():
     assert ios.getvalue() == LOG_REQUEST_HEADER + 'GET ' + PATH2 + '&limit=10&offset=0 \n\n'
 
 
-def test_log_resposne(mocker):
+def test_log_response(mocker):
     LOG_RESPONSE_HEADER = '--- HTTP Response ---\n'
 
     ios = io.StringIO()