Comment 26 for bug 1685798

OpenStack Infra (hudson-openstack) wrote: Fix merged to swift (master)

Reviewed: https://review.opendev.org/c/openstack/swift/+/822585
Committed: https://opendev.org/openstack/swift/commit/f2c279bae94689e2062beb6d0030d168a0b4cbdf
Submitter: "Zuul (22348)"
Branch: master

commit f2c279bae94689e2062beb6d0030d168a0b4cbdf
Author: Matthew Oliver <email address hidden>
Date: Thu Feb 3 16:29:53 2022 +1100

    Trim sensitive information in the logs (CVE-2017-8761)

    Several headers and query params were previously revealed in logs but
    are now redacted:

      * X-Auth-Token header (previously redacted in the {auth_token} field,
        but not the {headers} field)
      * temp_url_sig query param (used by tempurl middleware)
      * Authorization header and X-Amz-Signature and Signature query
        parameters (used by s3api middleware)

    This patch adds some new middleware helper methods to track headers and
    query parameters that should be redacted by proxy-logging. While
    instantiating the middleware, authors can call either:

       register_sensitive_header('case-insensitive-header-name')
       register_sensitive_param('case-sensitive-query-param-name')

    to add items that should be redacted. The redaction uses proxy-logging's
    existing reveal_sensitive_prefix config option to determine how much to
    reveal.

    Note that query params will still be logged in their entirety if
    eventlet_debug is enabled.

    UpgradeImpact
    =============
    The reveal_sensitive_prefix config option now applies to more items;
    operators should review their currently-configured value to ensure it
    is appropriate for these new contexts. In particular, operators should
    consider reducing the value if it is more than 20 or so, even if that
    previously offered sufficient protection for auth tokens.

    Co-Authored-By: Tim Burke <email address hidden>
    Closes-Bug: #1685798
    Change-Id: I88b8cfd30292325e0870029058da6fb38026ae1a
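As an added illustration of the registration-plus-prefix redaction the commit message describes (this is not Swift's proxy-logging code; the function bodies, the "prefix followed by `...`" truncation form and the sample values are assumptions), applied to the headers and query params the commit lists:

```python
"""Prefix-revealing redaction of sensitive request headers and query params.

Added illustration only, not Swift's own implementation: it mirrors the
behaviour the commit message describes (header names registered
case-insensitively, query param names case-sensitively, and only the first
reveal_sensitive_prefix characters of a value reaching the log).  The exact
truncation form (prefix followed by '...') is an assumption.
"""

# Registries filled by middleware at instantiation time (names constructed here).
_SENSITIVE_HEADERS = set()   # stored lower-cased: header matching is case-insensitive
_SENSITIVE_PARAMS = set()    # stored as-is: query param matching is case-sensitive


def register_sensitive_header(name):
    """Mark a request header (case-insensitive) for redaction in proxy logs."""
    _SENSITIVE_HEADERS.add(name.lower())


def register_sensitive_param(name):
    """Mark a query parameter (case-sensitive) for redaction in proxy logs."""
    _SENSITIVE_PARAMS.add(name)


def obscure(value, reveal_sensitive_prefix):
    """Keep at most reveal_sensitive_prefix characters, then mark the cut."""
    if not value:
        return value
    return value[:max(reveal_sensitive_prefix, 0)] + '...'


def redact_headers(headers, reveal_sensitive_prefix):
    """Return a copy of the headers dict with registered values obscured."""
    return {
        name: (obscure(value, reveal_sensitive_prefix)
               if name.lower() in _SENSITIVE_HEADERS else value)
        for name, value in headers.items()
    }


def redact_query_string(query_string, reveal_sensitive_prefix):
    """Obscure registered params in a raw query string without re-encoding it."""
    parts = []
    for pair in query_string.split('&'):
        name, sep, value = pair.partition('=')
        if sep and name in _SENSITIVE_PARAMS:
            value = obscure(value, reveal_sensitive_prefix)
        parts.append(name + sep + value)
    return '&'.join(parts)


# The items the commit message lists, registered as its middlewares would.
for _h in ('X-Auth-Token', 'Authorization'):
    register_sensitive_header(_h)
for _p in ('temp_url_sig', 'X-Amz-Signature', 'Signature'):
    register_sensitive_param(_p)
```

Note that `Temp_Url_Sig` in the query string is deliberately left untouched, since param matching is case-sensitive, while `x-auth-token` in any letter case is redacted.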