From 1d4f339eae3207eff5f1de37d7c2b86c2b2b20e1 Mon Sep 17 00:00:00 2001 From: Keegan McAllister Date: Thu, 25 Oct 2012 15:38:47 -0400 Subject: [PATCH] bugdown: Hide alphanumeric characters in exception logs, for privacy (imported from commit 39481494b7910307f56e566035c1b464c83d196e) --- zephyr/lib/bugdown/__init__.py | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/zephyr/lib/bugdown/__init__.py b/zephyr/lib/bugdown/__init__.py index 2d9fa2c6c3..f4068bea40 100644 --- a/zephyr/lib/bugdown/__init__.py +++ b/zephyr/lib/bugdown/__init__.py @@ -1,6 +1,7 @@ import markdown import logging import traceback +import re from zephyr.lib.avatar import gravatar_hash from zephyr.lib.bugdown import codehilite @@ -42,6 +43,16 @@ MAX_MD_ENGINE_USES = 30 _md_engine = None _use_count = 0 +# We want to log Markdown parser failures, but shouldn't log the actual input +# message for privacy reasons. The compromise is to replace all alphanumeric +# characters with 'x'. +# +# We also use repr() to improve reproducibility, and to escape terminal control +# codes, which can do surprisingly nasty things. +_privacy_re = re.compile(r'\w', flags=re.UNICODE) +def _sanitize_for_log(md): + return repr(_privacy_re.sub('x', md)) + def _linkify(match): url = match.group('url') return ' [%s](%s) ' % (url, url) @@ -62,14 +73,9 @@ def convert(md): html = _md_engine.convert(md) except: # FIXME: Do something more reasonable here! - # - # NB: For security, we must not print the bare Markdown input. - # It could contain terminal control codes, which can do - # surprisingly nasty things. - html = '

[Humbug note: Sorry, we could not understand the formatting of your message]

' - logging.getLogger('').error('Exception in Markdown parser: %sInput was: %s' - % (traceback.format_exc(), repr(md))) + logging.getLogger('').error('Exception in Markdown parser: %sInput (sanitized) was: %s' + % (traceback.format_exc(), _sanitize_for_log(md))) _use_count += 1 if _use_count >= MAX_MD_ENGINE_USES: