mirror of
https://github.com/zulip/zulip.git
synced 2026-07-12 21:04:41 +08:00
bugdown: Hide alphanumeric characters in exception logs, for privacy
(imported from commit 39481494b7910307f56e566035c1b464c83d196e)
This commit is contained in:
parent
451a041919
commit
1d4f339eae
@ -1,6 +1,7 @@
|
||||
import markdown
|
||||
import logging
|
||||
import traceback
|
||||
import re
|
||||
|
||||
from zephyr.lib.avatar import gravatar_hash
|
||||
from zephyr.lib.bugdown import codehilite
|
||||
@ -42,6 +43,16 @@ MAX_MD_ENGINE_USES = 30
|
||||
_md_engine = None
|
||||
_use_count = 0
|
||||
|
||||
# We want to log Markdown parser failures, but shouldn't log the actual input
|
||||
# message for privacy reasons. The compromise is to replace all alphanumeric
|
||||
# characters with 'x'.
|
||||
#
|
||||
# We also use repr() to improve reproducibility, and to escape terminal control
|
||||
# codes, which can do surprisingly nasty things.
|
||||
_privacy_re = re.compile(r'\w', flags=re.UNICODE)
|
||||
def _sanitize_for_log(md):
|
||||
return repr(_privacy_re.sub('x', md))
|
||||
|
||||
def _linkify(match):
|
||||
url = match.group('url')
|
||||
return ' [%s](%s) ' % (url, url)
|
||||
@ -62,14 +73,9 @@ def convert(md):
|
||||
html = _md_engine.convert(md)
|
||||
except:
|
||||
# FIXME: Do something more reasonable here!
|
||||
#
|
||||
# NB: For security, we must not print the bare Markdown input.
|
||||
# It could contain terminal control codes, which can do
|
||||
# surprisingly nasty things.
|
||||
|
||||
html = '<p>[Humbug note: Sorry, we could not understand the formatting of your message]</p>'
|
||||
logging.getLogger('').error('Exception in Markdown parser: %sInput was: %s'
|
||||
% (traceback.format_exc(), repr(md)))
|
||||
logging.getLogger('').error('Exception in Markdown parser: %sInput (sanitized) was: %s'
|
||||
% (traceback.format_exc(), _sanitize_for_log(md)))
|
||||
|
||||
_use_count += 1
|
||||
if _use_count >= MAX_MD_ENGINE_USES:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user