commit 0938d7ccb9ceaf3d45020fca03639f706dc74c61
Author: Arlo Breault <arlolra(a)gmail.com>
Date: Tue Jul 2 10:17:29 2013 -0700
Don't log IP addresses in registration helpers
See #9185
---
flashproxy-client | 6 ++++++
flashproxy-reg-appspot | 22 ++++++++++++++++++----
flashproxy-reg-email | 20 +++++++++++++++++---
flashproxy-reg-http | 17 ++++++++++++++---
4 files changed, 55 insertions(+), 10 deletions(-)
diff --git a/flashproxy-client b/flashproxy-client
index 5c6f9e0..89eda2a 100755
--- a/flashproxy-client
+++ b/flashproxy-client
@@ -1001,16 +1001,22 @@ def build_register_command(method):
command = [os.path.join(script_dir, "flashproxy-reg-appspot")] + af
if options.facilitator_pubkey_filename is not None:
command += ["--facilitator-pubkey", options.facilitator_pubkey_filename]
+ if not options.safe_logging:
+ command += ["--unsafe-logging"]
return command
elif method == "email":
command = [os.path.join(script_dir, "flashproxy-reg-email")] + af
if options.facilitator_pubkey_filename is not None:
command += ["--facilitator-pubkey", options.facilitator_pubkey_filename]
+ if not options.safe_logging:
+ command += ["--unsafe-logging"]
return command
elif method == "http":
command = [os.path.join(script_dir, "flashproxy-reg-http")] + af
if options.facilitator_url is not None:
command += ["-f", options.facilitator_url]
+ if not options.safe_logging:
+ command += ["--unsafe-logging"]
return command
else:
raise ValueError("Unknown registration method \"%s\"" % method)
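Review bot: The two-line `--unsafe-logging` append is repeated verbatim in all three branches of build_register_command, so any registration method added later has to remember to copy it. Because each helper defaults to `safe_logging = True`, forgetting it fails toward scrubbing, but the copies can still drift apart. One option is to compute the extra argument list once before the `if`/`elif` chain and add it wherever `af` is added. The function starts above this hunk, so where `af` is built is not visible here.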
diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
index 27bb09b..16d0e7f 100755
--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -73,6 +73,7 @@ class options(object):
address_family = socket.AF_UNSPEC
facilitator_pubkey_filename = None
use_certificate_pin = True
+ safe_logging = True
def usage(f = sys.stdout):
print >> f, """\
@@ -87,12 +88,20 @@ external IP address is guessed).
--facilitator-pubkey=FILENAME
encrypt registrations to the given PEM-formatted
public key (default built-in).
- -h, --help show this help.\
+ -h, --help show this help.
+ --unsafe-logging don't scrub IP addresses from logs.\
""" % {
"progname": sys.argv[0],
"remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
}
+def safe_str(s):
+ """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+ if options.safe_logging:
+ return "[scrubbed]"
+ else:
+ return s
+
def parse_addr_spec(spec, defhost = None, defport = None):
host = None
port = None
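Review bot: `safe_str` is added here and again, byte for byte, in flashproxy-reg-email and flashproxy-reg-http, so a later change to the scrubbing rule has to be made in three places. If the helpers must stay standalone scripts, a comment above the definition such as `# Keep in sync with safe_str in flashproxy-reg-email and flashproxy-reg-http.` would make that explicit. The docstring could also state that the whole argument is replaced, so callers should pass only the address part of a message and never the full line.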
@@ -143,6 +152,9 @@ def format_addr(addr):
result += u":%d" % port
return result
+def safe_format_addr(addr):
+ return safe_str(format_addr(addr))
+
def get_state_dir():
"""Get a directory where we can put temporary files. Returns None if any
suitable temporary directory will do."""
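Review bot: `safe_format_addr` has no docstring, unlike `safe_str` and the neighbouring `get_state_dir`; the same applies to the copy added in flashproxy-reg-email. A one-liner such as `"""Return format_addr(addr), or "[scrubbed]" if options.safe_logging is true."""` would do. flashproxy-reg-http gets no such wrapper and calls `safe_str(spec)` directly, so the three helpers differ slightly in how they scrub the success message.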
@@ -223,7 +235,7 @@ def get_external_ip():
finally:
f.close()
-opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help"])
+opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help", "unsafe-logging"])
for o, a in opt:
if o == "-4":
options.address_family = socket.AF_INET
@@ -236,6 +248,8 @@ for o, a in opt:
elif o == "-h" or o == "--help":
usage()
sys.exit()
+ elif o == "--unsafe-logging":
+ options.safe_logging = False
if len(args) == 0:
remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
@@ -277,7 +291,7 @@ if not remote_addr[0]:
try:
remote_addr = parse_addr_spec(ip, *remote_addr)
except ValueError, e:
- print >> sys.stderr, "Error parsing external IP address %s: %s" % (repr(ip), str(e))
+ print >> sys.stderr, "Error parsing external IP address %s: %s" % (safe_str(repr(ip)), str(e))
sys.exit(1)
try:
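Review bot: The exception text on the changed line is still printed as-is, because `str(e)` is not passed through `safe_str`. If the ValueError raised by parse_addr_spec quotes the spec it was given (its body is not part of this diff), the external address reaches stderr even though `repr(ip)` is now scrubbed. Scrubbing both fields, `% (safe_str(repr(ip)), safe_str(str(e)))`, or confirming that the message never echoes its input, would close that gap. The `"Failed to register: %s" % str(e)` line visible as context in the last flashproxy-reg-email hunk follows the same pattern and deserves the same check.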
@@ -299,4 +313,4 @@ except Exception, e:
sys.exit(1)
http.close()
-print "Registered \"%s\" with %s." % (format_addr(remote_addr), TARGET_DOMAIN)
+print "Registered \"%s\" with %s." % (safe_format_addr(remote_addr), TARGET_DOMAIN)
diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index 3f77b10..2d3cba9 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -88,6 +88,7 @@ class options(object):
address_family = socket.AF_UNSPEC
facilitator_pubkey_filename = None
use_certificate_pin = True
+ safe_logging = True
def usage(f = sys.stdout):
print >> f, """\
@@ -112,7 +113,8 @@ This program requires the M2Crypto library for Python.
public key (default built-in).
-h, --help show this help.
-s, --smtp=HOST[:PORT] use the given SMTP server
- (default "%(smtp_addr)s").\
+ (default "%(smtp_addr)s").
+ --unsafe-logging don't scrub IP addresses from logs.\
""" % {
"progname": sys.argv[0],
"remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
@@ -120,6 +122,13 @@ This program requires the M2Crypto library for Python.
"smtp_addr": format_addr((DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)),
}
+def safe_str(s):
+ """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+ if options.safe_logging:
+ return "[scrubbed]"
+ else:
+ return s
+
def parse_addr_spec(spec, defhost = None, defport = None):
host = None
port = None
@@ -170,6 +179,9 @@ def format_addr(addr):
result += u":%d" % port
return result
+def safe_format_addr(addr):
+ return safe_str(format_addr(addr))
+
def get_state_dir():
"""Get a directory where we can put temporary files. Returns None if any
suitable temporary directory will do."""
@@ -192,7 +204,7 @@ def get_facilitator_pubkey():
options.email_addr = DEFAULT_EMAIL_ADDRESS
options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp="])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp=", "unsafe-logging"])
for o, a in opts:
if o == "-4":
options.address_family = socket.AF_INET
@@ -211,6 +223,8 @@ for o, a in opts:
sys.exit()
elif o == "-s" or o == "--smtp":
options.smtp_addr = parse_addr_spec(a, DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
+ elif o == "--unsafe-logging":
+ options.safe_logging = False
if len(args) == 0:
options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
@@ -310,4 +324,4 @@ except Exception, e:
print >> sys.stderr, "Failed to register: %s" % str(e)
sys.exit(1)
-print "Registered \"%s\" with %s." % (format_addr(options.remote_addr), options.email_addr)
+print "Registered \"%s\" with %s." % (safe_format_addr(options.remote_addr), options.email_addr)
diff --git a/flashproxy-reg-http b/flashproxy-reg-http
index 68fe46a..975ebda 100755
--- a/flashproxy-reg-http
+++ b/flashproxy-reg-http
@@ -16,6 +16,7 @@ class options(object):
remote_addr = None
facilitator_url = None
address_family = socket.AF_UNSPEC
+ safe_logging = True
def usage(f = sys.stdout):
print >> f, """\
@@ -27,13 +28,21 @@ remote address registered is "%(remote_addr)s".
-6 name lookups use only IPv6.
-f, --facilitator=URL register with the given facilitator
(by default "%(fac_url)s").
- -h, --help show this help.\
+ -h, --help show this help.
+ --unsafe-logging don't scrub IP addresses from logs.\
""" % {
"progname": sys.argv[0],
"fac_url": DEFAULT_FACILITATOR_URL,
"remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
}
+def safe_str(s):
+ """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+ if options.safe_logging:
+ return "[scrubbed]"
+ else:
+ return s
+
def parse_addr_spec(spec, defhost = None, defport = None):
host = None
port = None
@@ -87,7 +96,7 @@ def format_addr(addr):
options.facilitator_url = DEFAULT_FACILITATOR_URL
options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help"])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help", "unsafe-logging"])
for o, a in opts:
if o == "-4":
options.address_family = socket.AF_INET
@@ -98,6 +107,8 @@ for o, a in opts:
elif o == "-h" or o == "--help":
usage()
sys.exit()
+ elif o == "--unsafe-logging":
+ options.safe_logging = False
if len(args) == 0:
pass
@@ -127,4 +138,4 @@ except Exception, e:
sys.exit(1)
http.close()
-print "Registered \"%s\" with %s." % (spec, options.facilitator_url)
+print "Registered \"%s\" with %s." % (safe_str(spec), options.facilitator_url)