Merge pull request #137 from nekokatt/task/mask-token-from-logs

Added logic to debug flows to remove tokens from output debug logs.
hikari-py · Sep 8, 2020 · d9a7283 · d9a7283
2 parents f39ed5b + cf95084
commit d9a7283
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 17 deletions.
diff --git a/hikari/impl/rest.py b/hikari/impl/rest.py
@@ -508,14 +508,8 @@ async def _request(
                 uuid = date.uuid()
 
                 if self._debug:
-                    headers_str = "\n".join(f"\t\t{name}:{value}" for name, value in headers.items())
                     _LOGGER.debug(
-                        "%s %s %s\n\theaders:\n%s\n\tbody:\n\t\t%r",
-                        uuid,
-                        compiled_route.method,
-                        url,
-                        headers_str,
-                        json,
+                        "%s %s %s\n%s", uuid, compiled_route.method, url, self._stringify_http_message(headers, json)
                     )
                 else:
                     _LOGGER.debug("%s %s %s", uuid, compiled_route.method, url)
@@ -539,17 +533,13 @@ async def _request(
                 time_taken = (date.monotonic() - start) * 1_000
 
                 if self._debug:
-                    headers_str = "\n".join(
-                        f"\t\t{name.decode('utf-8')}:{value.decode('utf-8')}" for name, value in response.raw_headers
-                    )
                     _LOGGER.debug(
-                        "%s %s %s in %sms\n\theaders:\n%s\n\tbody:\n\t\t%r",
+                        "%s %s %s in %sms\n%s",
                         uuid,
                         response.status,
                         response.reason,
                         time_taken,
-                        headers_str,
-                        await response.read(),
+                        self._stringify_http_message(response.headers, await response.read()),
                     )
                 else:
                     _LOGGER.debug("%s %s %s in %sms", uuid, response.status, response.reason, time_taken)
@@ -576,6 +566,19 @@ async def _request(
             except self._RetryRequest:
                 continue
 
+    @typing.final
+    def _stringify_http_message(self, headers: data_binding.Headers, body: typing.Any) -> str:
+        string = "\n".join(
+            f"    {name}: {value}" if name != constants.AUTHORIZATION_HEADER else f"    {name}: **REDACTED TOKEN**"
+            for name, value in headers.items()
+        )
+
+        if body is not None:
+            string += "\n\n    "
+            string += body.decode("ascii") if isinstance(body, bytes) else str(body)
+
+        return string
+
     @staticmethod
     @typing.final
     async def _handle_error_response(response: aiohttp.ClientResponse) -> typing.NoReturn:

diff --git a/hikari/impl/shard.py b/hikari/impl/shard.py
@@ -100,12 +100,13 @@ class _V6GatewayTransport(aiohttp.ClientWebSocketResponse):
     Payload logging is also performed here.
     """
 
-    __slots__: typing.Sequence[str] = ("_zlib", "_logger", "_debug")
+    __slots__: typing.Sequence[str] = ("_zlib", "_logger", "_debug", "_token")
 
     # Initialized from `connect'
     _zlib: zlib._Decompress
     _logger: logging.Logger
     _debug: bool
+    _token: str
 
     def __init__(self, *args: typing.Any, **kwargs: typing.Any) -> None:
         super().__init__(*args, **kwargs)
@@ -186,7 +187,12 @@ async def _receive_and_check(self, timeout: typing.Optional[float], /) -> str:
 
     def _log_debug_payload(self, payload: str, message: str, /) -> None:
         if self._debug:
-            self._logger.debug("%s payload with size %s\n\t\t%s", message, len(payload), payload)
+            self._logger.debug(
+                "%s payload with size %s\n    %s",
+                message,
+                len(payload),
+                payload.replace(self._token, "**REDACTED TOKEN**"),
+            )
         else:
             self._logger.debug("%s payload with size %s", message, len(payload))
 
@@ -197,8 +203,9 @@ async def connect(
         *,
         debug: bool,
         http_config: config.HTTPSettings,
-        proxy_config: config.ProxySettings,
         logger: logging.Logger,
+        proxy_config: config.ProxySettings,
+        token: str,
         url: str,
     ) -> typing.AsyncGenerator[_V6GatewayTransport, None]:
         """Generate a single-use websocket connection.
@@ -242,6 +249,9 @@ async def connect(
                             assert isinstance(ws, cls)
                             ws._logger = logger
                             ws._debug = debug
+                            # We store this so we can remove it from debug logs
+                            # which enables people to send me logs in issues safely.
+                            ws._token = token
 
                             yield ws
                         except errors.GatewayError:
@@ -742,6 +752,7 @@ async def _run_once(self) -> bool:
                 http_config=self._http_settings,
                 logger=self._logger,
                 proxy_config=self._proxy_settings,
+                token=self._token,
                 url=self._url,
             ) as self._ws:
                 # Dispatch CONNECTED synthetic event.

diff --git a/tests/hikari/impl/test_rest.py b/tests/hikari/impl/test_rest.py
@@ -810,7 +810,7 @@ class StubResponse:
             status = http.HTTPStatus.OK
             content_type = constants.APPLICATION_JSON
             reason = "cause why not"
-            raw_headers = ((b"HEADER", b"value"), (b"HEADER", b"value"))
+            headers = {"HEADER": "value", "HEADER": "value"}
 
             async def read(self):
                 return '{"something": null}'