logging: filter out http 403 messages in request context filter (#56711)

2021-09-15 15:31:29 +02:00 · 2021-09-15 15:31:29 +02:00 · ded8905ebc
parent f9de8f6f6d
commit ded8905ebc
3 changed files with 23 additions and 0 deletions
--- a/hobo/logger.py
+++ b/hobo/logger.py
@ -54,6 +54,10 @@ class RequestContextFilter(logging.Filter):

        Inspired by django-log-request-id
        """
+        # remove http 403 records, already logged by uwsgi
+        if hasattr(record, 'status_code') and record.status_code == 403:
+            return False
+
        # prevent multiple execution on the same record
        if getattr(record, 'request_context', False):
            return True
--- a/hobo/test_urls.py
+++ b/hobo/test_urls.py
@ -1,6 +1,7 @@
 import logging

 from django.conf.urls import url
+from django.core.exceptions import PermissionDenied
 from django.http import HttpResponse


@ -8,6 +9,8 @@ def helloworld(request):
    logging.getLogger(__name__).error('wat!')
    if 'raise' in request.GET:
        raise Exception('wat!')
+    if 'forbidden' in request.GET:
+        raise PermissionDenied('forbidden access')
    request.META['CSRF_COOKIE_USED'] = True
    request.META['CSRF_COOKIE'] = 'xxx'
    return HttpResponse('Hello world %s' % request.META['REMOTE_ADDR'])
--- a/tests_multitenant/test_request_context_filter.py
+++ b/tests_multitenant/test_request_context_filter.py
@ -3,6 +3,7 @@ import logging
 import pytest
 from _pytest.logging import LogCaptureHandler
 from django.contrib.auth.models import User
+from django.test import override_settings
 from tenant_schemas.utils import tenant_context

 from hobo.journal import JournalHandler
@ -35,6 +36,21 @@ def test_request_context_filter(caplog, settings, tenants, client):
            user.save()
            user.saml_identifiers.create(name_id='ab' * 16, issuer='https://idp.example.com')

+    for tenant in tenants:
+        settings.ALLOWED_HOSTS.append(tenant.domain_url)
+        with override_settings(ROOT_URLCONF='hobo.test_urls'):
+            client.get(
+                '/?forbidden=123',
+                SERVER_NAME=tenant.domain_url,
+                HTTP_X_FORWARDED_FOR='99.99.99.99, 127.0.0.1',
+            )
+    records = [record for record in caplog.records]
+    assert len(records) == 2  # on test_urls' "wat!" test error has been logged
+    for record in records:
+        assert not hasattr(record, 'status_code')  # hence no 403 logged
+        assert record.msg != 'forbidden access'
+    caplog.clear()
+
    for tenant in tenants:
        settings.ALLOWED_HOSTS.append(tenant.domain_url)
        with tenant_context(tenant):