requests / requests-oauthlib

OAuthlib support for Python-Requests!
https://requests-oauthlib.readthedocs.org/
ISC License

Adds logger filter for TOKENS when logging in DEBUG MODE #539

Open jtroussard opened 3 months ago

jtroussard commented 3 months ago

This PR is a derivative of another #532

This PR addresses the same issue but aims to demonstrate a broader perspective on implementation. While the original PR highlighted a significant concern, the proposed solution here follows an existing pattern of configuring the logger and leveraging the features within the logger itself. Following this pattern reinforces and encourages contributions in a more uniform and predictable way for future logger configurations.

This approach also enables a more comprehensive cleansing of sensitive information from logs, extending beyond headers to all areas of the code base.

The necessity to create a new PR stems from the considerable deviation in approach, which couldn't be effectively communicated within the framework of #532's PR discussion. To acknowledge the foundational work laid by the original proposal, this submission incorporates co-authoring commits, reinforcing a collaborative effort towards a scalable and secure logging strategy.

Relevant links

python logger docs

SO
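The logger-filter approach described in the PR above, as an added example that is not the PR's own code: the class name `TokenRedactingFilter`, the regex and the sample log lines are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumed pattern (not the PR's regex): masks the value after common OAuth
# secret keys in dict reprs, JSON and form bodies, plus "Bearer <token>".
_SECRET_RE = re.compile(
    r"""(?ix)
    (?P<key>["']?(?:access_token|refresh_token|id_token|client_secret)["']?
        \s*[:=]\s*["']?
      | \bBearer\s+)
    (?P<value>[^\s"'&,}]+)
    """
)


class TokenRedactingFilter(logging.Filter):
    """Hypothetical filter: rewrites the record so the handler emits masked text."""

    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are covered too.
        record.msg = _SECRET_RE.sub(r"\g<key><redacted>", record.getMessage())
        record.args = None
        return True  # keep the record, only its text changes


def demo():
    """Log constructed sample lines through the filter and return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # A filter on a logger is not applied to records from its child loggers,
    # so attach it to the handler to cover every requests_oauthlib.* module.
    handler.addFilter(TokenRedactingFilter())
    log = logging.getLogger("requests_oauthlib.oauth2_session")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    try:
        # Constructed sample values, not real credentials.
        log.debug("Supplying headers %s", {"Authorization": "Bearer abc.DEF-123"})
        log.debug('Response body: {"access_token": "s3cr3t", "expires_in": 3600}')
        log.debug("Request body: grant_type=refresh_token&refresh_token=r3fr3sh&x=1")
    finally:
        log.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

The third sample line shows why the key must be followed by `:` or `=`: the literal `grant_type=refresh_token` stays intact while the token value after `refresh_token=` is masked.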

coveralls commented 3 months ago

coverage: 90.503% (+0.4%) from 90.097% when pulling 54676d1744a8ba5b43659da04c6a8a241f3feb3f on 536-access-tokens-leaked-in-logs-when-using-debug-level into 77905a471c7931835525228675ac60eae39bec3f on master.

jtroussard commented 3 months ago

@erlendvollset : GitHub wouldn't let me ping you in the reviewers windows so I'm doing it here

@XMoose25X : Thought you might want to take a peek/observe/comment/correct/whatever-your-heart-desires xD

jtroussard commented 3 months ago

Converting to a draft until I have time to thoroughly test the regex, and provide evidence.

jtroussard commented 2 months ago

@erlendvollset This is great feedback! I'll try and carve out some time this weekend to address these comments. Thanks again!

jtroussard commented 2 months ago

Pending TODOs

  1. verify regex
  2. compile regex pattern
  3. testing for regex pattern?

erlendvollset commented 3 weeks ago

Hey @jtroussard! This has been stale for a while now, is there anything I could do to help getting this over the finish line? Please let me know - I'd be happy to help out ☺️

jtroussard commented 3 weeks ago

Thanks for reaching out! I haven’t forgotten about this and it’s been bothering me I haven’t been able to set the time aside to finish. Can we circle back on this, next week? Let’s say Wednesday? I’ll make some time to draw up what help is needed and we can pair up and get this one done.

On Mon, Jun 17, 2024 at 7:13 AM Erlend vollset @.***> wrote:

> Hey @jtroussard! This has been stale for a while now, is there anything I could do to help getting this over the finish line? Please let me know - I'd be happy to help out ☺️

erlendvollset commented 3 weeks ago

Sure thing! 🤝