[tor-commits] [bridgedb/master] Scrub client information before logging

asn at torproject.org asn at torproject.org
Tue Jul 9 12:01:39 UTC 2013


commit c0ee0d54aaceb6aa0b955a2223e35a27b20e7e60
Author: Matthew Finkel <Matthew.Finkel at gmail.com>
Date:   Tue Jul 9 01:33:59 2013 +0000

    Scrub client information before logging
---
 lib/bridgedb/Dist.py        |   16 +++++++++-------
 lib/bridgedb/EmailServer.py |   13 +++++++------
 lib/bridgedb/HTTPServer.py  |    9 +++++----
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/lib/bridgedb/Dist.py b/lib/bridgedb/Dist.py
index 4d7ee8e..8ca8a73 100644
--- a/lib/bridgedb/Dist.py
+++ b/lib/bridgedb/Dist.py
@@ -8,6 +8,7 @@ This module has functions to decide which bridges to hand out to whom.
 
 import bridgedb.Bridges
 import bridgedb.Storage
+import bridgedb.Util as Util
 
 import logging
 import re
@@ -131,14 +132,15 @@ class IPBasedDistributor(bridgedb.Bridges.BridgeHolder):
            N -- the number of bridges to try to give back.
         """
         if not bridgeFilterRules: bridgeFilterRules=[]
-        logging.debug("getBridgesForIP(%s, %s, %s, %s" % (ip, epoch, N, bridgeFilterRules))
+        logging.debug("getBridgesForIP(%s, %s, %s, %s",
+                Util.logSafely(ip), epoch, N, bridgeFilterRules)
         if not len(self.splitter):
             logging.debug("bailing without splitter")
             return []
 
         area = self.areaMapper(ip)
 
-        logging.info("area is %s" % area)
+        logging.info("area is %s", Util.logSafely(area))
         
         key1 = ''
         pos = 0
@@ -154,8 +156,8 @@ class IPBasedDistributor(bridgedb.Bridges.BridgeHolder):
                                                       len(self.categories),
                                                       n)
                 bridgeFilterRules.append(g)
-                logging.info("category<%s>%s"%(epoch,area))
-                pos = self.areaOrderHmac("category<%s>%s"%(epoch,area))
+                logging.info("category<%s>%s", epoch, Util.logSafely(area))
+                pos = self.areaOrderHmac("category<%s>%s", epoch, area)
                 key1 = bridgedb.Bridges.get_hmac(self.splitter.key,
                                              "Order-Bridges-In-Ring-%d"%n) 
                 break;
@@ -364,15 +366,15 @@ class EmailBasedDistributor(bridgedb.Bridges.BridgeHolder):
         if lastSaw is not None and lastSaw + MAX_EMAIL_RATE >= now:
             if wasWarned:
                 logging.info("Got a request for bridges from %r; we already "
-                             "sent a warning. Ignoring.", emailaddress)
-                raise IgnoreEmail("Client was warned", emailaddress)
+                             "sent a warning. Ignoring.", Util.logSafely(emailaddress))
+                raise IgnoreEmail("Client was warned", Util.logSafely(emailaddress))
             else:
                 db.setWarnedEmail(emailaddress, True, now)
                 db.commit() 
 
             logging.info("Got a request for bridges from %r; we already "
                          "answered one within the last %d seconds. Warning.",
-                         emailaddress, MAX_EMAIL_RATE)
+                         Util.logSafely(emailaddress), MAX_EMAIL_RATE)
             raise TooSoonEmail("Too many emails; wait till later", emailaddress)
 
         # warning period is over
diff --git a/lib/bridgedb/EmailServer.py b/lib/bridgedb/EmailServer.py
index fc034c7..23fc8c1 100644
--- a/lib/bridgedb/EmailServer.py
+++ b/lib/bridgedb/EmailServer.py
@@ -25,6 +25,7 @@ import twisted.mail.smtp
 from zope.interface import implements
 
 import bridgedb.Dist
+import bridgedb.Util as Util
 from bridgedb.Dist import BadEmail, TooSoonEmail, IgnoreEmail
 from bridgedb.Filters import filterBridgesByIP6, filterBridgesByIP4
 from bridgedb.Filters import filterBridgesByTransport
@@ -99,11 +100,11 @@ def getMailResponse(lines, ctx):
         logging.info("Ignoring bad address on incoming email.")
         return None,None
     if not addrdomain:
-        logging.info("Couldn't parse domain from %r", clientAddr)
+        logging.info("Couldn't parse domain from %r", Util.logSafely(clientAddr))
     if addrdomain and ctx.cfg.EMAIL_DOMAIN_MAP:
         addrdomain = ctx.cfg.EMAIL_DOMAIN_MAP.get(addrdomain, addrdomain)
     if addrdomain not in ctx.cfg.EMAIL_DOMAINS:
-        logging.info("Unrecognized email domain %r", addrdomain)
+        logging.info("Unrecognized email domain %r", Util.logSafely(addrdomain))
         return None,None
     rules = ctx.cfg.EMAIL_DOMAIN_RULES.get(addrdomain, [])
     if 'dkim' in rules:
@@ -176,7 +177,7 @@ def getMailResponse(lines, ctx):
     # Handle rate limited email
     except TooSoonEmail, e:
         logging.info("Got a mail too frequently; warning %r: %s.",
-                     clientAddr, e)
+                     Util.logSafely(clientAddr), e)
 
         # Compose a warning email
         # MAX_EMAIL_RATE is in seconds, convert to hours
@@ -186,12 +187,12 @@ def getMailResponse(lines, ctx):
 
     except IgnoreEmail, e:
         logging.info("Got a mail too frequently; ignoring %r: %s.",
-                      clientAddr, e)
+                      Util.logSafely(clientAddr), e)
         return None, None 
 
     except BadEmail, e:
         logging.info("Got a mail from a bad email address %r: %s.",
-                     clientAddr, e)
+                     Util.logSafely(clientAddr), e)
         return None, None 
 
     if bridges:
@@ -251,7 +252,7 @@ def replyToMail(lines, ctx):
         response,
         d)
     reactor.connectTCP(ctx.smtpServer, ctx.smtpPort, factory)
-    logging.info("Sending reply to %r", sendToUser)
+    logging.info("Sending reply to %r", Util.logSafely(sendToUser))
     return d
 
 def getLocaleFromPlusAddr(address):
diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py
index c181d63..6b469cc 100644
--- a/lib/bridgedb/HTTPServer.py
+++ b/lib/bridgedb/HTTPServer.py
@@ -22,6 +22,7 @@ from twisted.web.util import redirectTo
 
 import bridgedb.Dist
 import bridgedb.I18n as I18n
+import bridgedb.Util as Util
 
 from recaptcha.client import captcha 
 from bridgedb.Raptcha import Raptcha
@@ -96,11 +97,11 @@ class CaptchaProtectedResource(twisted.web.resource.Resource):
                                         self.recaptchaPrivKey, remote_ip)
         if recaptcha_response.is_valid:
             logging.info("Valid recaptcha from %s. Parameters were %r",
-                    remote_ip, request.args)
+                    Util.logSafely(remote_ip), request.args)
             return self.resource.render(request)
         else:
             logging.info("Invalid recaptcha from %s. Parameters were %r",
-                         remote_ip, request.args)
+                         Util.logSafely(remote_ip), request.args)
             logging.info("Recaptcha error code: %s", recaptcha_response.error_code)
         return redirectTo(request.URLPath(), request)
 
@@ -209,8 +210,8 @@ class WebResource(twisted.web.resource.Resource):
                 request=bridgedb.Dist.uniformMap(ip)
                 ) for b in bridges) 
 
-        logging.info("Replying to web request from %s.  Parameters were %r", ip,
-                     request.args)
+        logging.info("Replying to web request from %s.  Parameters were %r",
+                     Util.logSafely(ip), request.args)
         if format == 'plain':
             request.setHeader("Content-Type", "text/plain")
             return answer



More information about the tor-commits mailing list