Add toggle for log blacklist and mask public IP addresses

2025-07-13 16:52:58 -07:00 · 2016-03-27 15:18:41 -07:00 · 2016-03-27 15:18:41 -07:00 · ba6ef4d629
commit ba6ef4d629
parent 67d3505733
4 changed files with 58 additions and 10 deletions
--- a/plexpy/logger.py
+++ b/plexpy/logger.py
@ -27,6 +27,7 @@ import logging
 import errno
 import sys
 import os
+import re

 # These settings are for file logging only
 FILENAME = "plexpy.log"
@ -73,17 +74,53 @@ class BlacklistFilter(logging.Filter):
        pass

    def filter(self, record):
+        if not plexpy.CONFIG.LOG_BLACKLIST:
+            return True
+
        for item in _BLACKLIST_WORDS:
            try:
                if item in record.msg:
                    record.msg = record.msg.replace(item, 8 * '*' + item[-2:])
                if any(item in str(arg) for arg in record.args):
-                    record.args = tuple(arg.replace(item, 8 * '*' + item[-2:]) for arg in record.args)
+                    record.args = tuple(arg.replace(item, 8 * '*' + item[-2:]) if isinstance(arg, basestring) else arg
+                                        for arg in record.args)
            except:
                pass
        return True


+class PublicIPFilter(logging.Filter):
+    """
+    Log filter for public IP addresses
+    """
+    def __init__(self):
+        pass
+
+    def filter(self, record):
+        if not plexpy.CONFIG.LOG_BLACKLIST:
+            return True
+
+        try:
+            # Currently only checking for ipv4 addresses
+            ipv4 = re.findall(r'[0-9]+(?:\.[0-9]+){3}', record.msg)
+            for ip in ipv4:
+                if helpers.is_ip_public(ip):
+                    record.msg = record.msg.replace(ip, ip.partition('.')[0] + '.***.***.***')
+
+            args = []
+            for arg in record.args:
+                ipv4 = re.findall(r'[0-9]+(?:\.[0-9]+){3}', arg) if isinstance(arg, basestring) else []
+                for ip in ipv4:
+                    if helpers.is_ip_public(ip):
+                        arg = arg.replace(ip, ip.partition('.')[0] + '.***.***.***')
+                args.append(arg)
+            record.args = tuple(args)
+        except:
+            pass
+
+        return True
+
+
@contextlib.contextmanager
 def listener():
    """
@ -175,7 +212,6 @@ def initLogger(console=False, log_dir=False, verbose=False):
    # Add list logger
    loglist_handler = LogListHandler()
    loglist_handler.setLevel(logging.DEBUG)
-    loglist_handler.addFilter(BlacklistFilter())

    logger.addHandler(loglist_handler)

@ -187,7 +223,6 @@ def initLogger(console=False, log_dir=False, verbose=False):
        file_handler = handlers.RotatingFileHandler(filename, maxBytes=MAX_SIZE, backupCount=MAX_FILES)
        file_handler.setLevel(logging.DEBUG)
        file_handler.setFormatter(file_formatter)
-        file_handler.addFilter(BlacklistFilter())

        logger.addHandler(file_handler)

@ -197,10 +232,17 @@ def initLogger(console=False, log_dir=False, verbose=False):
        console_handler = logging.StreamHandler()
        console_handler.setFormatter(console_formatter)
        console_handler.setLevel(logging.DEBUG)
-        console_handler.addFilter(BlacklistFilter())

        logger.addHandler(console_handler)

+    # Add filters to log handlers
+    # Only add filters after the config file has been initialized
+    # Nothing prior to initialization should contain sensitive information
+    if not plexpy.DEV and plexpy.CONFIG:
+        for handler in logger.handlers:
+            handler.addFilter(BlacklistFilter())
+            handler.addFilter(PublicIPFilter())
+
    # Install exception hooks
    initHooks()