Skip to content

Refactor unittest logs #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rayluo merged 1 commit into from
Sep 5, 2019
Merged

Refactor unittest logs #90

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 22 additions & 10 deletions msal/token_cache.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,18 +99,30 @@ def find(self, credential_type, target=None, query=None):

def add(self, event, now=None):
# type: (dict) -> None
# event typically contains: client_id, scope, token_endpoint,
# resposne, params, data, grant_type
for sensitive in ("password", "client_secret"):
if sensitive in event.get("data", {}):
# Hide them from accidental exposure in logging
event["data"][sensitive] = "********"
logger.debug("event=%s", json.dumps(
"""Handle a token obtaining event, and add tokens into cache.

Known side effects: This function modifies the input event in place.
"""
def wipe(dictionary, sensitive_fields): # Masks sensitive info
for sensitive in sensitive_fields:
if sensitive in dictionary:
dictionary[sensitive] = "********"
wipe(event.get("data", {}),
("password", "client_secret", "refresh_token", "assertion"))
try:
return self.__add(event, now=now)
finally:
wipe(event.get("response", {}), ("access_token", "refresh_token"))
logger.debug("event=%s", json.dumps(
# We examined and concluded that this log won't have Log Injection risk,
# because the event payload is already in JSON so CR/LF will be escaped.
event, indent=4, sort_keys=True,
default=str, # A workaround when assertion is in bytes in Python 3
))
event, indent=4, sort_keys=True,
default=str, # A workaround when assertion is in bytes in Python 3
))

def __add(self, event, now=None):
# event typically contains: client_id, scope, token_endpoint,
# response, params, data, grant_type
environment = realm = None
if "token_endpoint" in event:
_, environment, realm = canonicalize(event["token_endpoint"])
Expand Down