Filter private key of Lasso Dumps before logging.
The private key in the XML dumps of Lasso is filtered before logging.
parent
8a8776475a
commit
35b524db38
|
@ -3,6 +3,16 @@ import lasso
|
|||
import x509utils
|
||||
import base64
|
||||
import binascii
|
||||
import re
|
||||
|
||||
def filter_attribute_private_key(message):
|
||||
return re.sub(r' (\w+:)?(PrivateKey=")([&#;\w/ +-=])+(")', '', message)
|
||||
|
||||
def filter_element_private_key(message):
|
||||
return re.sub(r'(<saml)(p)?(:PrivateKeyFile>-----BEGIN RSA PRIVATE KEY-----)'
|
||||
'([&#;\w/+=\s])+'
|
||||
'(-----END RSA PRIVATE KEY-----</saml)(p)?(:PrivateKeyFile>)',
|
||||
'', message)
|
||||
|
||||
def bool2xs(boolean):
|
||||
'''Convert a boolean value to XSchema boolean representation'''
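Review bot: Both patterns fail open on input they do not anticipate, so a key can still reach the log. `filter_element_private_key` only matches a `-----BEGIN RSA PRIVATE KEY-----` body inside a `saml`/`samlp` element, so a PKCS#8 (`BEGIN PRIVATE KEY`), EC or encrypted PEM block, or another namespace prefix, would pass through untouched. Matching on the element rather than on its content is safer, for example `re.sub(r'<(\w+:)?PrivateKeyFile>.*?</(\w+:)?PrivateKeyFile>', '', message, flags=re.DOTALL)`. In `filter_attribute_private_key`, `+-=` inside the character class is a range (`+` through `=`) rather than three literals, and the class contains no newline, so an attribute value holding raw line breaks would not be removed; `PrivateKey="[^"]*"` avoids both.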
|
||||
|
|
|
@ -247,9 +247,15 @@ IDP_CAS = False
|
|||
# CAS_TICKET_EXPIRATION = 240
|
||||
|
||||
# Logging settings
|
||||
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
'disable_existing_loggers': True,
|
||||
'filters': {
|
||||
'cleaning': {
|
||||
'()': 'authentic2.utils.CleanLogMessage',
|
||||
},
|
||||
},
|
||||
'formatters': {
|
||||
'verbose': {
|
||||
'format': '[%(asctime)s] %(levelname)-8s %(name)s.%(message)s',
|
||||
|
@ -264,22 +270,26 @@ LOGGING = {
|
|||
'console': {
|
||||
'level':'DEBUG',
|
||||
'class':'logging.StreamHandler',
|
||||
'formatter': 'verbose'
|
||||
'formatter': 'verbose',
|
||||
'filters': ['cleaning'],
|
||||
},
|
||||
'local_file': {
|
||||
'level':'DEBUG',
|
||||
'class':'logging.FileHandler',
|
||||
'formatter': 'verbose',
|
||||
'filename': os.path.join(_PROJECT_PATH, 'log.log'),
|
||||
'filters': ['cleaning'],
|
||||
},
|
||||
'syslog': {
|
||||
'level':'INFO',
|
||||
'class':'logging.handlers.SysLogHandler',
|
||||
'filters': ['cleaning'],
|
||||
},
|
||||
'mail_admins': {
|
||||
'level': 'ERROR',
|
||||
'class': 'django.utils.log.AdminEmailHandler',
|
||||
'include_html': True,
|
||||
'filters': ['cleaning'],
|
||||
}
|
||||
},
|
||||
'loggers': {
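Review bot: Attaching `'filters': ['cleaning']` handler by handler leaves two gaps in the second hunk. The `mail_admins` handler keeps `'include_html': True`, and the HTML report Django builds for that e-mail comes from the exception and request rather than from `record.msg`, so it is presumably not touched by the filter; `'include_html': False` would keep frame-local values such as a Lasso dump out of the mail. Any handler added later without the `filters` entry will log unfiltered, so a comment above the `'filters'` block such as `# every handler must list 'cleaning' so private keys are never logged` would help. The `LOGGING` dict continues past the end of this hunk, so the `loggers` section was not reviewed.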
|
||||
|
|
|
@ -1,11 +1,23 @@
|
|||
import time
|
||||
import hashlib
|
||||
import datetime as dt
|
||||
import logging
|
||||
|
||||
from django.views.decorators.http import condition
|
||||
from django.conf import settings
|
||||
from django.http import HttpResponse
|
||||
|
||||
from authentic2.saml.saml2utils import filter_attribute_private_key, \
|
||||
filter_element_private_key
|
||||
|
||||
|
||||
class CleanLogMessage(logging.Filter):
|
||||
def filter(self, record):
|
||||
record.msg = filter_attribute_private_key(record.msg)
|
||||
record.msg = filter_element_private_key(record.msg)
|
||||
return True
|
||||
|
||||
|
||||
class MWT(object):
|
||||
"""Memoize With Timeout"""
|
||||
_caches = {}
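Review bot: `CleanLogMessage.filter` cleans only `record.msg`, so a dump passed as a format argument (e.g. `logger.debug('dump: %s', dump)`) stays in `record.args` and is written unfiltered when the handler formats the record. It also passes `record.msg` straight to `re.sub`, which raises `TypeError` when a caller logs a non-string object. Rendering the message with `record.getMessage()` before filtering and then clearing `record.args` covers both cases. Exception tracebacks attached to the record are still outside what this filter sees.

```python
    def filter(self, record):
        # Render msg % args first so keys passed as arguments are cleaned too.
        message = record.getMessage()
        message = filter_attribute_private_key(message)
        record.msg = filter_element_private_key(message)
        # The message is already formatted; drop args so it is not formatted twice.
        record.args = ()
        return True
```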
|
||||
|
|