commit 0938d7ccb9ceaf3d45020fca03639f706dc74c61 Author: Arlo Breault arlolra@gmail.com Date: Tue Jul 2 10:17:29 2013 -0700
Don't log IP addresses in registration helpers
See #9185 --- flashproxy-client | 6 ++++++ flashproxy-reg-appspot | 22 ++++++++++++++++++---- flashproxy-reg-email | 20 +++++++++++++++++--- flashproxy-reg-http | 17 ++++++++++++++--- 4 files changed, 55 insertions(+), 10 deletions(-)
diff --git a/flashproxy-client b/flashproxy-client index 5c6f9e0..89eda2a 100755 --- a/flashproxy-client +++ b/flashproxy-client @@ -1001,16 +1001,22 @@ def build_register_command(method): command = [os.path.join(script_dir, "flashproxy-reg-appspot")] + af if options.facilitator_pubkey_filename is not None: command += ["--facilitator-pubkey", options.facilitator_pubkey_filename] + if not options.safe_logging: + command += ["--unsafe-logging"] return command elif method == "email": command = [os.path.join(script_dir, "flashproxy-reg-email")] + af if options.facilitator_pubkey_filename is not None: command += ["--facilitator-pubkey", options.facilitator_pubkey_filename] + if not options.safe_logging: + command += ["--unsafe-logging"] return command elif method == "http": command = [os.path.join(script_dir, "flashproxy-reg-http")] + af if options.facilitator_url is not None: command += ["-f", options.facilitator_url] + if not options.safe_logging: + command += ["--unsafe-logging"] return command else: raise ValueError("Unknown registration method "%s"" % method) diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot index 27bb09b..16d0e7f 100755 --- a/flashproxy-reg-appspot +++ b/flashproxy-reg-appspot @@ -73,6 +73,7 @@ class options(object): address_family = socket.AF_UNSPEC facilitator_pubkey_filename = None use_certificate_pin = True + safe_logging = True
def usage(f = sys.stdout): print >> f, """\ @@ -87,12 +88,20 @@ external IP address is guessed). --facilitator-pubkey=FILENAME encrypt registrations to the given PEM-formatted public key (default built-in). - -h, --help show this help.\ + -h, --help show this help. + --unsafe-logging don't scrub IP addresses from logs.\ """ % { "progname": sys.argv[0], "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)), }
+def safe_str(s): + """Return "[scrubbed]" if options.safe_logging is true, and s otherwise.""" + if options.safe_logging: + return "[scrubbed]" + else: + return s + def parse_addr_spec(spec, defhost = None, defport = None): host = None port = None @@ -143,6 +152,9 @@ def format_addr(addr): result += u":%d" % port return result
+def safe_format_addr(addr): + return safe_str(format_addr(addr)) + def get_state_dir(): """Get a directory where we can put temporary files. Returns None if any suitable temporary directory will do.""" @@ -223,7 +235,7 @@ def get_external_ip(): finally: f.close()
-opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help"]) +opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help", "unsafe-logging"]) for o, a in opt: if o == "-4": options.address_family = socket.AF_INET @@ -236,6 +248,8 @@ for o, a in opt: elif o == "-h" or o == "--help": usage() sys.exit() + elif o == "--unsafe-logging": + options.safe_logging = False
if len(args) == 0: remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT) @@ -277,7 +291,7 @@ if not remote_addr[0]: try: remote_addr = parse_addr_spec(ip, *remote_addr) except ValueError, e: - print >> sys.stderr, "Error parsing external IP address %s: %s" % (repr(ip), str(e)) + print >> sys.stderr, "Error parsing external IP address %s: %s" % (safe_str(repr(ip)), str(e)) sys.exit(1)
try: @@ -299,4 +313,4 @@ except Exception, e: sys.exit(1) http.close()
-print "Registered "%s" with %s." % (format_addr(remote_addr), TARGET_DOMAIN) +print "Registered "%s" with %s." % (safe_format_addr(remote_addr), TARGET_DOMAIN) diff --git a/flashproxy-reg-email b/flashproxy-reg-email index 3f77b10..2d3cba9 100755 --- a/flashproxy-reg-email +++ b/flashproxy-reg-email @@ -88,6 +88,7 @@ class options(object): address_family = socket.AF_UNSPEC facilitator_pubkey_filename = None use_certificate_pin = True + safe_logging = True
def usage(f = sys.stdout): print >> f, """\ @@ -112,7 +113,8 @@ This program requires the M2Crypto library for Python. public key (default built-in). -h, --help show this help. -s, --smtp=HOST[:PORT] use the given SMTP server - (default "%(smtp_addr)s").\ + (default "%(smtp_addr)s"). + --unsafe-logging don't scrub IP addresses from logs.\ """ % { "progname": sys.argv[0], "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)), @@ -120,6 +122,13 @@ This program requires the M2Crypto library for Python. "smtp_addr": format_addr((DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)), }
+def safe_str(s): + """Return "[scrubbed]" if options.safe_logging is true, and s otherwise.""" + if options.safe_logging: + return "[scrubbed]" + else: + return s + def parse_addr_spec(spec, defhost = None, defport = None): host = None port = None @@ -170,6 +179,9 @@ def format_addr(addr): result += u":%d" % port return result
+def safe_format_addr(addr): + return safe_str(format_addr(addr)) + def get_state_dir(): """Get a directory where we can put temporary files. Returns None if any suitable temporary directory will do.""" @@ -192,7 +204,7 @@ def get_facilitator_pubkey(): options.email_addr = DEFAULT_EMAIL_ADDRESS options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp="]) +opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp=", "unsafe-logging"]) for o, a in opts: if o == "-4": options.address_family = socket.AF_INET @@ -211,6 +223,8 @@ for o, a in opts: sys.exit() elif o == "-s" or o == "--smtp": options.smtp_addr = parse_addr_spec(a, DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT) + elif o == "--unsafe-logging": + options.safe_logging = False
if len(args) == 0: options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT) @@ -310,4 +324,4 @@ except Exception, e: print >> sys.stderr, "Failed to register: %s" % str(e) sys.exit(1)
-print "Registered "%s" with %s." % (format_addr(options.remote_addr), options.email_addr) +print "Registered "%s" with %s." % (safe_format_addr(options.remote_addr), options.email_addr) diff --git a/flashproxy-reg-http b/flashproxy-reg-http index 68fe46a..975ebda 100755 --- a/flashproxy-reg-http +++ b/flashproxy-reg-http @@ -16,6 +16,7 @@ class options(object): remote_addr = None facilitator_url = None address_family = socket.AF_UNSPEC + safe_logging = True
def usage(f = sys.stdout): print >> f, """\ @@ -27,13 +28,21 @@ remote address registered is "%(remote_addr)s". -6 name lookups use only IPv6. -f, --facilitator=URL register with the given facilitator (by default "%(fac_url)s"). - -h, --help show this help.\ + -h, --help show this help. + --unsafe-logging don't scrub IP addresses from logs.\ """ % { "progname": sys.argv[0], "fac_url": DEFAULT_FACILITATOR_URL, "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)), }
+def safe_str(s): + """Return "[scrubbed]" if options.safe_logging is true, and s otherwise.""" + if options.safe_logging: + return "[scrubbed]" + else: + return s + def parse_addr_spec(spec, defhost = None, defport = None): host = None port = None @@ -87,7 +96,7 @@ def format_addr(addr): options.facilitator_url = DEFAULT_FACILITATOR_URL options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help"]) +opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help", "unsafe-logging"]) for o, a in opts: if o == "-4": options.address_family = socket.AF_INET @@ -98,6 +107,8 @@ for o, a in opts: elif o == "-h" or o == "--help": usage() sys.exit() + elif o == "--unsafe-logging": + options.safe_logging = False
if len(args) == 0: pass @@ -127,4 +138,4 @@ except Exception, e: sys.exit(1) http.close()
-print "Registered "%s" with %s." % (spec, options.facilitator_url) +print "Registered "%s" with %s." % (safe_str(spec), options.facilitator_url)
tor-commits@lists.torproject.org