Ticket #9185: 0001-Don-t-log-IP-addresses-in-registration-helpers.patch

File 0001-Don-t-log-IP-addresses-in-registration-helpers.patch, 10.9 KB (added by arlolra, 6 years ago)
  • flashproxy-client

    From 9c35cb348846a5d2af9204261112bdce4db52373 Mon Sep 17 00:00:00 2001
    From: Arlo Breault <arlolra@gmail.com>
    Date: Tue, 2 Jul 2013 10:17:29 -0700
    Subject: [PATCH] Don't log IP addresses in registration helpers
    
    See #9185
    ---
     flashproxy-client      |  6 ++++++
     flashproxy-reg-appspot | 22 ++++++++++++++++++----
     flashproxy-reg-email   | 20 +++++++++++++++++---
     flashproxy-reg-http    | 17 ++++++++++++++---
     flashproxy-reg-url     | 15 +++++++++++++--
     5 files changed, 68 insertions(+), 12 deletions(-)
    
    diff --git a/flashproxy-client b/flashproxy-client
    index 41d6559..5eb31eb 100755
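--- a/flashproxy-client
+++ b/flashproxy-client
@@ -1001,16 +1001,22 @@ def build_register_command(method):
         command = [os.path.join(script_dir, "flashproxy-reg-appspot")] + af
         if options.facilitator_pubkey_filename is not None:
             command += ["--facilitator-pubkey", options.facilitator_pubkey_filename]
+        if options.safe_logging == False:
+            command += ["--unsafe-logging"]
         return command
     elif method == "email":
         command = [os.path.join(script_dir, "flashproxy-reg-email")] + af
         if options.facilitator_pubkey_filename is not None:
             command += ["--facilitator-pubkey", options.facilitator_pubkey_filename]
+        if options.safe_logging == False:
+            command += ["--unsafe-logging"]
         return command
     elif method == "http":
         command = [os.path.join(script_dir, "flashproxy-reg-http")] + af
         if options.facilitator_url is not None:
             command += ["-f", options.facilitator_url]
+        if options.safe_logging == False:
+            command += ["--unsafe-logging"]
         return command
     else:
         raise ValueError("Unknown registration method \"%s\"" % method)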
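Review bot: The same two-line `--unsafe-logging` append is pasted into each of the three method branches, so a registration method added later can miss it and quietly ignore the user's choice (the helpers default to scrubbing, so that failure would at least be on the safe side). The flag does not depend on the method, so it could be appended in one place just before a single shared `return command`. `if options.safe_logging == False:` would more usually be written `if not options.safe_logging:`, assuming the option is always a real boolean here. The start of build_register_command is outside the hunk.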
  • flashproxy-reg-appspot

    diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
    index 27bb09b..16d0e7f 100755
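--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -73,6 +73,7 @@ class options(object):
     address_family = socket.AF_UNSPEC
     facilitator_pubkey_filename = None
     use_certificate_pin = True
+    safe_logging = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -87,12 +88,20 @@ external IP address is guessed).
       --facilitator-pubkey=FILENAME
                      encrypt registrations to the given PEM-formatted
                        public key (default built-in).
-  -h, --help         show this help.\
+  -h, --help         show this help.
+  --unsafe-logging   don't scrub IP addresses from logs.\
 """ % {
     "progname": sys.argv[0],
     "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
 }
 
+def safe_str(s):
+    """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+    if options.safe_logging:
+        return "[scrubbed]"
+    else:
+        return s
+
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -143,6 +152,9 @@ def format_addr(addr):
         result += u":%d" % port
     return result
 
+def safe_format_addr(addr):
+    return safe_str(format_addr(addr))
+
 def get_state_dir():
     """Get a directory where we can put temporary files. Returns None if any
     suitable temporary directory will do."""
@@ -223,7 +235,7 @@ def get_external_ip():
     finally:
         f.close()
 
-opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help"])
+opt, args = getopt.gnu_getopt(sys.argv[1:], "46h", ["disable-pin", "facilitator-pubkey=", "help", "unsafe-logging"])
 for o, a in opt:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -236,6 +248,8 @@ for o, a in opt:
     elif o == "-h" or o == "--help":
         usage()
         sys.exit()
+    elif o == "--unsafe-logging":
+        options.safe_logging = False
 
 if len(args) == 0:
     remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
@@ -277,7 +291,7 @@ if not remote_addr[0]:
     try:
         remote_addr = parse_addr_spec(ip, *remote_addr)
     except ValueError, e:
-        print >> sys.stderr, "Error parsing external IP address %s: %s" % (repr(ip), str(e))
+        print >> sys.stderr, "Error parsing external IP address %s: %s" % (safe_str(repr(ip)), str(e))
         sys.exit(1)
 
 try:
@@ -299,4 +313,4 @@ except Exception, e:
     sys.exit(1)
 http.close()
 
-print "Registered \"%s\" with %s." % (format_addr(remote_addr), TARGET_DOMAIN)
+print "Registered \"%s\" with %s." % (safe_format_addr(remote_addr), TARGET_DOMAIN)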
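Review bot: The parse-error message at new line 294 scrubs `repr(ip)` but still prints `str(e)` unmodified, so if the ValueError raised by parse_addr_spec quotes the spec it was given, the external address reaches stderr anyway. parse_addr_spec's body is outside the visible hunks, so this needs checking there; the conservative form passes the exception text through the same helper, `% (safe_str(repr(ip)), safe_str(str(e)))`. The same question applies to the `except Exception, e:` handlers before the final print here and in flashproxy-reg-http, whose messages are not visible, and to `"Failed to register: %s" % str(e)` in flashproxy-reg-email, which this commit leaves unchanged.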
  • flashproxy-reg-email

    diff --git a/flashproxy-reg-email b/flashproxy-reg-email
    index 3f77b10..2d3cba9 100755
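--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -88,6 +88,7 @@ class options(object):
     address_family = socket.AF_UNSPEC
     facilitator_pubkey_filename = None
     use_certificate_pin = True
+    safe_logging = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -112,7 +113,8 @@ This program requires the M2Crypto library for Python.
                             public key (default built-in).
   -h, --help              show this help.
   -s, --smtp=HOST[:PORT]  use the given SMTP server
-                            (default "%(smtp_addr)s").\
+                            (default "%(smtp_addr)s").
+  --unsafe-logging        don't scrub IP addresses from logs.\
 """ % {
     "progname": sys.argv[0],
     "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
@@ -120,6 +122,13 @@ This program requires the M2Crypto library for Python.
     "smtp_addr": format_addr((DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)),
 }
 
+def safe_str(s):
+    """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+    if options.safe_logging:
+        return "[scrubbed]"
+    else:
+        return s
+
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -170,6 +179,9 @@ def format_addr(addr):
         result += u":%d" % port
     return result
 
+def safe_format_addr(addr):
+    return safe_str(format_addr(addr))
+
 def get_state_dir():
     """Get a directory where we can put temporary files. Returns None if any
     suitable temporary directory will do."""
@@ -192,7 +204,7 @@ def get_facilitator_pubkey():
 options.email_addr = DEFAULT_EMAIL_ADDRESS
 options.smtp_addr = (DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp="])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46de:hs:", ["debug", "disable-pin", "email=", "facilitator-pubkey=", "help", "smtp=", "unsafe-logging"])
 for o, a in opts:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -211,6 +223,8 @@ for o, a in opts:
         sys.exit()
     elif o == "-s" or o == "--smtp":
         options.smtp_addr = parse_addr_spec(a, DEFAULT_SMTP_HOST, DEFAULT_SMTP_PORT)
+    elif o == "--unsafe-logging":
+        options.safe_logging = False
 
 if len(args) == 0:
     options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
@@ -310,4 +324,4 @@ except Exception, e:
     print >> sys.stderr, "Failed to register: %s" % str(e)
     sys.exit(1)
 
-print "Registered \"%s\" with %s." % (format_addr(options.remote_addr), options.email_addr)
+print "Registered \"%s\" with %s." % (safe_format_addr(options.remote_addr), options.email_addr)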
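Review bot: The option list on the new getopt line still accepts `-d`/`--debug`, and nothing in the visible hunks makes debug output respect `safe_logging`. What debug mode prints is outside this section; if it echoes the SMTP dialogue or the message being sent, it is worth confirming that the registered address cannot appear there in clear while scrubbing is on. If the two options are meant to be independent, a line in the usage text saying that `--debug` output is not scrubbed would make that explicit.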
  • flashproxy-reg-http

    diff --git a/flashproxy-reg-http b/flashproxy-reg-http
    index 68fe46a..975ebda 100755
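--- a/flashproxy-reg-http
+++ b/flashproxy-reg-http
@@ -16,6 +16,7 @@ class options(object):
     remote_addr = None
     facilitator_url = None
     address_family = socket.AF_UNSPEC
+    safe_logging = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -27,13 +28,21 @@ remote address registered is "%(remote_addr)s".
   -6                     name lookups use only IPv6.
   -f, --facilitator=URL  register with the given facilitator
                            (by default "%(fac_url)s").
-  -h, --help             show this help.\
+  -h, --help             show this help.
+  --unsafe-logging       don't scrub IP addresses from logs.\
 """ % {
     "progname": sys.argv[0],
     "fac_url": DEFAULT_FACILITATOR_URL,
     "remote_addr": format_addr((DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)),
 }
 
+def safe_str(s):
+    """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+    if options.safe_logging:
+        return "[scrubbed]"
+    else:
+        return s
+
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -87,7 +96,7 @@ def format_addr(addr):
 options.facilitator_url = DEFAULT_FACILITATOR_URL
 options.remote_addr = (DEFAULT_REMOTE_ADDRESS, DEFAULT_REMOTE_PORT)
 
-opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help"])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "46f:h", ["facilitator=", "help", "unsafe-logging"])
 for o, a in opts:
     if o == "-4":
         options.address_family = socket.AF_INET
@@ -98,6 +107,8 @@ for o, a in opts:
     elif o == "-h" or o == "--help":
         usage()
         sys.exit()
+    elif o == "--unsafe-logging":
+        options.safe_logging = False
 
 if len(args) == 0:
     pass
@@ -127,4 +138,4 @@ except Exception, e:
     sys.exit(1)
 http.close()
 
-print "Registered \"%s\" with %s." % (spec, options.facilitator_url)
+print "Registered \"%s\" with %s." % (safe_str(spec), options.facilitator_url)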
  • flashproxy-reg-url

    diff --git a/flashproxy-reg-url b/flashproxy-reg-url
    index b30c550..9143b5a 100755
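--- a/flashproxy-reg-url
+++ b/flashproxy-reg-url
@@ -31,6 +31,7 @@ gwIDAQAB
 class options(object):
     facilitator_url = None
     facilitator_pubkey_filename = None
+    safe_logging = True
 
 def usage(f = sys.stdout):
     print >> f, """\
@@ -44,13 +45,21 @@ default PORT is %(port)d.
       --facilitator-pubkey=FILENAME
                          encrypt registrations to the given PEM-formatted
                            public key (default built-in).
-  -h, --help             show this help.\
+  -h, --help             show this help.
+  --unsafe-logging       don't scrub IP addresses from logs.\
 """ % {
     "progname": sys.argv[0],
     "fac_url": DEFAULT_FACILITATOR_URL,
     "port": DEFAULT_REMOTE_PORT,
 }
 
+def safe_str(s):
+    """Return "[scrubbed]" if options.safe_logging is true, and s otherwise."""
+    if options.safe_logging:
+        return "[scrubbed]"
+    else:
+        return s
+
 def parse_addr_spec(spec, defhost = None, defport = None):
     host = None
     port = None
@@ -109,7 +118,7 @@ def get_facilitator_pubkey():
 
 options.facilitator_url = DEFAULT_FACILITATOR_URL
 
-opt, args = getopt.gnu_getopt(sys.argv[1:], "f:h", ["facilitator=", "facilitator-pubkey=", "help"])
+opt, args = getopt.gnu_getopt(sys.argv[1:], "f:h", ["facilitator=", "facilitator-pubkey=", "help", "unsafe-logging"])
 for o, a in opt:
     if o == "-f" or o == "--facilitator":
         options.facilitator_url = a
@@ -118,6 +127,8 @@ for o, a in opt:
     elif o == "-h" or o == "--help":
         usage()
         sys.exit()
+    elif o == "--unsafe-logging":
+        options.safe_logging = False
 
 if len(args) != 1:
     usage(sys.stderr)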
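Review bot: `safe_str` and `--unsafe-logging` are added to this script, but none of the section's added lines calls `safe_str`, so as shown the option is parsed and then changes no output. All 15 changed lines the diffstat reports for this file are visible here and none is a call site; what the script prints after argument parsing is outside the hunks. Either route any address-bearing message through `safe_str`, or, if the flag is accepted only for parity with the other helpers, say so next to the option handling, e.g. `# accepted for parity with the other helpers; nothing is scrubbed here yet`. The rest of the script continues past the last hunk.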