mirror/doorman
1
0
Fork 0
mirror of https://github.com/apidoorman/doorman.git synced 2026-04-29 04:39:54 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
864a883e21b69f2c5d97be82bfa65b60ed7dd830
doorman/backend-services/sitecustomize.py
T
seniorswe 8c2d5e8fc9 test fix
2025-10-03 22:44:01 -04:00

54 lines
1.7 KiB
Python
Raw Blame History

"""
Attach a redaction filter to Doorman loggers when Python starts under this
package path. Python imports `sitecustomize` automatically at interpreter
startup if it's importable from sys.path; placing this file under
backend-services ensures tests run from that directory get the filter.
"""
import logging
import re
import sys
class _RedactFilter(logging.Filter):
PATTERNS = [
re.compile(r'(?i)(authorization\s*[:=]\s*)([^;\r\n]+)'),
re.compile(r'(?i)(access[_-]?token\s*[\"\']?\s*[:=]\s*[\"\'])([^\"\']+)([\"\'])'),
re.compile(r'(?i)(refresh[_-]?token\s*[\"\']?\s*[:=]\s*[\"\'])([^\"\']+)([\"\'])'),
re.compile(r'(?i)(password\s*[\"\']?\s*[:=]\s*[\"\'])([^\"\']+)([\"\'])'),
re.compile(r'(?i)(cookie\s*[:=]\s*)([^;\r\n]+)'),
re.compile(r'(?i)(x-csrf-token\s*[:=]\s*)([^\s,;]+)'),
]
def filter(self, record: logging.LogRecord) -> bool:
try:
msg = str(record.getMessage())
red = msg
for pat in self.PATTERNS:
red = pat.sub(lambda m: (m.group(1) + '[REDACTED]' + (m.group(3) if m.lastindex and m.lastindex >= 3 else '')), red)
if red != msg:
record.msg = red
except Exception:
pass
return True
def _ensure_logger(name: str):
logger = logging.getLogger(name)
# If the logger already has a handler with a filter, leave it alone
for h in logger.handlers:
if h.filters:
return
h = logging.StreamHandler(stream=sys.stdout)
h.setLevel(logging.INFO)
h.addFilter(_RedactFilter())
logger.addHandler(h)
try:
_ensure_logger('doorman.gateway')
_ensure_logger('doorman.logging')
except Exception:
pass
Reference in New Issue View Git Blame Copy Permalink