[tor-commits] [flashproxy/master] Don't log IP addresses in registration helpers

dcf at torproject.org dcf at torproject.org
Wed Jul 31 06:00:15 UTC 2013


commit 0938d7ccb9ceaf3d45020fca03639f706dc74c61
Author: Arlo Breault <arlolra at gmail.com>
Date:   Tue Jul 2 10:17:29 2013 -0700

    Don't log IP addresses in registration helpers
    
    See #9185
---
 flashproxy-client      |    6 ++++++
 flashproxy-reg-appspot |   22 ++++++++++++++++++----
 flashproxy-reg-email   |   20 +++++++++++++++++---
 flashproxy-reg-http    |   17 ++++++++++++++---
 4 files changed, 55 insertions(+), 10 deletions(-)

diff --git a/flashproxy-client b/flashproxy-client
index 5c6f9e0..89eda2a 100755
--- a/flashproxy-client
+++ b/flashproxy-client
@@ -1001,16 +1001,22 @@ def build_register_command(method):
         command = [os.path.join(script_dir, "flashproxy-reg-appspot")] + af
         if options.facilitator_pubkey_filename is not None:
             command += ["--facilitator-pubkey", options.facilitator_pubkey_filename]
+        if not options.safe_logging:
+            command += ["--unsafe-logging"]
         return command
     elif method == "email":
         command = [os.path.join(script_dir, "flashproxy-reg-email")] + af
         if options.facilitator_pubkey_filename is not None:
             command += ["--facilitator-pubkey", options.facilitator_pubkey_filename]
+        if not options.safe_logging:
+            command += ["--unsafe-logging"]
         return command
     elif method == "http":
         command = [os.path.join(script_dir, "flashproxy-reg-http")] + af
         if options.facilitator_url is not None:
             command += ["-f", options.facilitator_url]
+        if not options.safe_logging:
+            command += ["--unsafe-logging"]
         return command
     else:
         raise ValueError("Unknown registration method \"%s\"" % method)
diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
index 27bb09b..16d0e7f 100755
--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -73,6 +73,7 @@ class options(object):
     address_family = socket.AF_UNSPEC
     facilitator_pubkey_filename = None
     use_certificate_pin = True
+    safe_logging = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -87,12 +88,20 @@ external IP address is guessed).
       --facilitator-pubkey=FILENAME
                      encrypt registrations to the given PEM-formatted
                        public key (default built-in).
-  -h, --help         show this help.\
+  -h, --help         show this help.
+  --unsafe-logging   don't scrub IP addresses from logs.\
 """ % {
     "progname": sys.argv[0],
     "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
 }
 
+def safe_str(s):
+    """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+    if options.safe_logging:
+        return "[scrubbed]"
+    else:
+        return s
+
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -143,6 +152,9 @@ def format_addr(addr):
         result += u":%d" % port
     return result
 
+def safe_format_addr(addr):
+    return safe_str(format_addr(addr))
+
 def get_state_dir():
     """Get a directory where we can put temporary files. Returns None if any
     suitable temporary directory will do."""
@@ -223,7 +235,7 @@ def get_external_ip():
     finally:
         f.close()
 
-opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help"])
+opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help", "unsafe-logging"])
 for o, a in opt:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -236,6 +248,8 @@ for o, a in opt:
     elif o == "-h" or o == "--help":
         usage()
         sys.exit()
+    elif o == "--unsafe-logging":
+        options.safe_logging = False
 
 if len(args) == 0:
     remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
@@ -277,7 +291,7 @@ if not remote_addr[0]:
     try:
         remote_addr = parse_addr_spec(ip, *remote_addr)
     except ValueError, e:
-        print >> sys.stderr, "Error parsing external IP address %s: %s" % (repr(ip), str(e))
+        print >> sys.stderr, "Error parsing external IP address %s: %s" % (safe_str(repr(ip)), str(e))
         sys.exit(1)
 
 try:
@@ -299,4 +313,4 @@ except Exception, e:
     sys.exit(1)
 http.close()
 
-print "Registered \"%s\" with %s." % (format_addr(remote_addr), TARGET_DOMAIN)
+print "Registered \"%s\" with %s." % (safe_format_addr(remote_addr), TARGET_DOMAIN)
diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index 3f77b10..2d3cba9 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -88,6 +88,7 @@ class options(object):
     address_family = socket.AF_UNSPEC
     facilitator_pubkey_filename = None
     use_certificate_pin = True
+    safe_logging = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -112,7 +113,8 @@ This program requires the M2Crypto library for Python.
                             public key (default built-in).
   -h, --help              show this help.
   -s, --smtp=HOST[:PORT]  use the given SMTP server
-                            (default "%(smtp_addr)s").\
+                            (default "%(smtp_addr)s").
+  --unsafe-logging        don't scrub IP addresses from logs.\
 """ % {
     "progname": sys.argv[0],
     "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
@@ -120,6 +122,13 @@ This program requires the M2Crypto library for Python.
     "smtp_addr": format_addr((DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)),
 }
 
+def safe_str(s):
+    """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+    if options.safe_logging:
+        return "[scrubbed]"
+    else:
+        return s
+
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -170,6 +179,9 @@ def format_addr(addr):
         result += u":%d" % port
     return result
 
+def safe_format_addr(addr):
+    return safe_str(format_addr(addr))
+
 def get_state_dir():
     """Get a directory where we can put temporary files. Returns None if any
     suitable temporary directory will do."""
@@ -192,7 +204,7 @@ def get_facilitator_pubkey():
 options.email_addr = DEFAULT_EMAIL_ADDRESS
 options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp="])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp=", "unsafe-logging"])
 for o, a in opts:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -211,6 +223,8 @@ for o, a in opts:
         sys.exit()
     elif o == "-s" or o == "--smtp":
         options.smtp_addr = parse_addr_spec(a, DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
+    elif o == "--unsafe-logging":
+        options.safe_logging = False
 
 if len(args) == 0:
     options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
@@ -310,4 +324,4 @@ except Exception, e:
     print >> sys.stderr, "Failed to register: %s" % str(e)
     sys.exit(1)
 
-print "Registered \"%s\" with %s." % (format_addr(options.remote_addr), options.email_addr)
+print "Registered \"%s\" with %s." % (safe_format_addr(options.remote_addr), options.email_addr)
diff --git a/flashproxy-reg-http b/flashproxy-reg-http
index 68fe46a..975ebda 100755
--- a/flashproxy-reg-http
+++ b/flashproxy-reg-http
@@ -16,6 +16,7 @@ class options(object):
     remote_addr = None
     facilitator_url = None
     address_family = socket.AF_UNSPEC
+    safe_logging = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -27,13 +28,21 @@ remote address registered is "%(remote_addr)s".
   -6                     name lookups use only IPv6.
   -f, --facilitator=URL  register with the given facilitator
                            (by default "%(fac_url)s").
-  -h, --help             show this help.\
+  -h, --help             show this help.
+  --unsafe-logging       don't scrub IP addresses from logs.\
 """ % {
     "progname": sys.argv[0],
     "fac_url": DEFAULT_FACILITATOR_URL,
     "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
 }
 
+def safe_str(s):
+    """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+    if options.safe_logging:
+        return "[scrubbed]"
+    else:
+        return s
+
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -87,7 +96,7 @@ def format_addr(addr):
 options.facilitator_url = DEFAULT_FACILITATOR_URL
 options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help"])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help", "unsafe-logging"])
 for o, a in opts:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -98,6 +107,8 @@ for o, a in opts:
     elif o == "-h" or o == "--help":
         usage()
         sys.exit()
+    elif o == "--unsafe-logging":
+        options.safe_logging = False
 
 if len(args) == 0:
     pass
@@ -127,4 +138,4 @@ except Exception, e:
     sys.exit(1)
 http.close()
 
-print "Registered \"%s\" with %s." % (spec, options.facilitator_url)
+print "Registered \"%s\" with %s." % (safe_str(spec), options.facilitator_url)





More information about the tor-commits mailing list