Obscure password in debug logs.

Obscure password in the postgres connection DSN when logging in debug mode.
Will also now print the DSN with the password obscured when failing to connect
at start up.
Brian Korty 2020-09-01 10:55:06 -04:00
parent ce6e2ecee7
commit 893308e340
2 changed files with 33 additions and 3 deletions


@ -444,7 +444,9 @@ class ApplicationMixin:
if self._postgres_pool: if self._postgres_pool:
self._postgres_pool.close() self._postgres_pool.close()
LOGGER.debug('Connecting to %s', url) safe_url = self._obscure_url_password(url)
LOGGER.debug('Connecting to %s', safe_url)
try: try:
self._postgres_pool = await pool.Pool.from_pool_fill( self._postgres_pool = await pool.Pool.from_pool_fill(
url, url,
@ -475,13 +477,25 @@ class ApplicationMixin:
DEFAULT_POSTGRES_CONNECTION_TTL))) DEFAULT_POSTGRES_CONNECTION_TTL)))
except (psycopg2.OperationalError, except (psycopg2.OperationalError,
psycopg2.Error) as error: # pragma: nocover psycopg2.Error) as error: # pragma: nocover
LOGGER.warning('Error connecting to PostgreSQL on startup: %s', LOGGER.warning(
error) 'Error connecting to PostgreSQL on startup with %s: %s',
safe_url, error)
return False return False
self._postgres_connected.set() self._postgres_connected.set()
LOGGER.debug('Connected to Postgres') LOGGER.debug('Connected to Postgres')
return True return True
@staticmethod
def _obscure_url_password(url):
"""Generate log safe url with password obscured."""
parsed = parse.urlparse(url)
if parsed.password:
netloc = '{}:*****@{}:{}'.format(parsed.username,
parsed.hostname,
parsed.port)
url = parse.urlunparse(parsed._replace(netloc=netloc))
return url
async def _postgres_on_start(self, async def _postgres_on_start(self,
_app: web.Application, _app: web.Application,
loop: ioloop.IOLoop): loop: ioloop.IOLoop):
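Review bot: `_obscure_url_password` rebuilds the netloc from `parsed.hostname` and `parsed.port`, so a DSN with a password but no explicit port is logged as `user:*****@server:None`, and an IPv6 host loses its brackets. Reusing the original host part avoids both: `netloc = '{}:*****@{}'.format(parsed.username, parsed.netloc.rpartition('@')[2])`. The helper also masks only the userinfo password; a DSN that carries the secret as a `password=` query parameter would still reach the debug and warning logs in clear text, so that form should be masked as well or documented as unsupported. A docstring line stating which URL forms are covered would help the next reader judge whether `safe_url` is safe to log.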


@ -579,6 +579,22 @@ class MissingURLTestCase(unittest.TestCase):
obj.stop.assert_called_once() obj.stop.assert_called_once()
class ObscurePasswordUrlTestCase(unittest.TestCase):
def test_passwords_obscured(self):
for url, expected in {
'postgresql://server:5432/database':
'postgresql://server:5432/database',
'postgresql://username:password@server:5432/database':
'postgresql://username:*****@server:5432/database',
'postgresql://username@server/database':
'postgresql://username@server/database'
}.items():
result = \
sprockets_postgres.ApplicationMixin._obscure_url_password(url)
self.assertEqual(result, expected)
SRV = collections.namedtuple( SRV = collections.namedtuple(
'SRV', ['host', 'port', 'priority', 'weight', 'ttl']) 'SRV', ['host', 'port', 'priority', 'weight', 'ttl'])
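Review bot: The table in `test_passwords_obscured` has no URL that combines a password with a missing port, e.g. `'postgresql://username:password@server/database'`, which is the input where the helper formats `parsed.port` into the netloc even though it is `None`. Adding that entry with the expected value `'postgresql://username:*****@server/database'` would pin the behaviour for port-less DSNs. Wrapping the assertion in `with self.subTest(url=url):` would also report every failing URL instead of stopping at the first one.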