github/plexpy
1
0
Fork 0
mirror of https://github.com/Tautulli/Tautulli.git synced 2025-07-12 00:06:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add toggle for log blacklist and mask public IP addresses

Browse source
This commit is contained in:
JonnyWong16 2016-03-27 15:18:41 -07:00
parent 67d3505733
commit ba6ef4d629
4 changed files with 58 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

7
data/interfaces/default/settings.html
View file

@ -190,6 +190,13 @@ available_notification_agents = sorted(notifiers.available_notification_agents()
</label> </label>
<p class="help-block">Group successive play history by the same user as a single entry in the tables and watch statistics.</p> <p class="help-block">Group successive play history by the same user as a single entry in the tables and watch statistics.</p>
</div> </div>
<div class="checkbox">
<label>
<input type="checkbox" id="log_blacklist" name="log_blacklist" value="1" ${config['log_blacklist']}> Mask Sensitive Information in Logs
</label>
<p class="help-block">Enable to mask passwords, access tokens, and public IP addresses with asterisks (*) in the logs.<br />
Note: Only logs from the time this setting is enabled will be masked. Do not post your logs publically without masking sensitive information!</p>
</div>
<div class="padded-header"> <div class="padded-header">
<h3>Directories</h3> <h3>Directories</h3>

8
plexpy/config.py
View file

@ -169,6 +169,7 @@ _CONFIG_DEFINITIONS = {
'IFTTT_ON_PMSUPDATE': (int, 'IFTTT', 0), 'IFTTT_ON_PMSUPDATE': (int, 'IFTTT', 0),
'JOURNAL_MODE': (str, 'Advanced', 'wal'), 'JOURNAL_MODE': (str, 'Advanced', 'wal'),
'LAUNCH_BROWSER': (int, 'General', 1), 'LAUNCH_BROWSER': (int, 'General', 1),
'LOG_BLACKLIST': (int, 'General', 1),
'LOG_DIR': (str, 'General', ''), 'LOG_DIR': (str, 'General', ''),
'LOGGING_IGNORE_INTERVAL': (int, 'Monitoring', 120), 'LOGGING_IGNORE_INTERVAL': (int, 'Monitoring', 120),
'MOVIE_LOGGING_ENABLE': (int, 'Monitoring', 1), 'MOVIE_LOGGING_ENABLE': (int, 'Monitoring', 1),
@ -449,9 +450,7 @@ class Config(object):
for key in _CONFIG_DEFINITIONS.keys(): for key in _CONFIG_DEFINITIONS.keys():
self.check_setting(key) self.check_setting(key)
self._upgrade() self._upgrade()
self._blacklist()
if not plexpy.DEV:
self._blacklist()
def _blacklist(self): def _blacklist(self):
""" Add tokens and passwords to blacklisted words in logger """ """ Add tokens and passwords to blacklisted words in logger """
@ -522,8 +521,7 @@ class Config(object):
except IOError as e: except IOError as e:
plexpy.logger.error("Error writing configuration file: %s", e) plexpy.logger.error("Error writing configuration file: %s", e)
if not plexpy.DEV: self._blacklist()
self._blacklist()
def __getattr__(self, name): def __getattr__(self, name):
""" """

50
plexpy/logger.py
View file

@ -27,6 +27,7 @@ import logging
import errno import errno
import sys import sys
import os import os
import re
# These settings are for file logging only # These settings are for file logging only
FILENAME = "plexpy.log" FILENAME = "plexpy.log"
@ -73,17 +74,53 @@ class BlacklistFilter(logging.Filter):
pass pass
def filter(self, record): def filter(self, record):
if not plexpy.CONFIG.LOG_BLACKLIST:
return True
for item in _BLACKLIST_WORDS: for item in _BLACKLIST_WORDS:
try: try:
if item in record.msg: if item in record.msg:
record.msg = record.msg.replace(item, 8 * '*' + item[-2:]) record.msg = record.msg.replace(item, 8 * '*' + item[-2:])
if any(item in str(arg) for arg in record.args): if any(item in str(arg) for arg in record.args):
record.args = tuple(arg.replace(item, 8 * '*' + item[-2:]) for arg in record.args) record.args = tuple(arg.replace(item, 8 * '*' + item[-2:]) if isinstance(arg, basestring) else arg
for arg in record.args)
except: except:
pass pass
return True return True
class PublicIPFilter(logging.Filter):
"""
Log filter for public IP addresses
"""
def __init__(self):
pass
def filter(self, record):
if not plexpy.CONFIG.LOG_BLACKLIST:
return True
try:
# Currently only checking for ipv4 addresses
ipv4 = re.findall(r'[0-9]+(?:\.[0-9]+){3}', record.msg)
for ip in ipv4:
if helpers.is_ip_public(ip):
record.msg = record.msg.replace(ip, ip.partition('.')[0] + '.***.***.***')
args = []
for arg in record.args:
ipv4 = re.findall(r'[0-9]+(?:\.[0-9]+){3}', arg) if isinstance(arg, basestring) else []
for ip in ipv4:
if helpers.is_ip_public(ip):
arg = arg.replace(ip, ip.partition('.')[0] + '.***.***.***')
args.append(arg)
record.args = tuple(args)
except:
pass
return True
@contextlib.contextmanager @contextlib.contextmanager
def listener(): def listener():
""" """
@ -175,7 +212,6 @@ def initLogger(console=False, log_dir=False, verbose=False):
# Add list logger # Add list logger
loglist_handler = LogListHandler() loglist_handler = LogListHandler()
loglist_handler.setLevel(logging.DEBUG) loglist_handler.setLevel(logging.DEBUG)
loglist_handler.addFilter(BlacklistFilter())
logger.addHandler(loglist_handler) logger.addHandler(loglist_handler)
@ -187,7 +223,6 @@ def initLogger(console=False, log_dir=False, verbose=False):
file_handler = handlers.RotatingFileHandler(filename, maxBytes=MAX_SIZE, backupCount=MAX_FILES) file_handler = handlers.RotatingFileHandler(filename, maxBytes=MAX_SIZE, backupCount=MAX_FILES)
file_handler.setLevel(logging.DEBUG) file_handler.setLevel(logging.DEBUG)
file_handler.setFormatter(file_formatter) file_handler.setFormatter(file_formatter)
file_handler.addFilter(BlacklistFilter())
logger.addHandler(file_handler) logger.addHandler(file_handler)
@ -197,10 +232,17 @@ def initLogger(console=False, log_dir=False, verbose=False):
console_handler = logging.StreamHandler() console_handler = logging.StreamHandler()
console_handler.setFormatter(console_formatter) console_handler.setFormatter(console_formatter)
console_handler.setLevel(logging.DEBUG) console_handler.setLevel(logging.DEBUG)
console_handler.addFilter(BlacklistFilter())
logger.addHandler(console_handler) logger.addHandler(console_handler)
# Add filters to log handlers
# Only add filters after the config file has been initialized
# Nothing prior to initialization should contain sensitive information
if not plexpy.DEV and plexpy.CONFIG:
for handler in logger.handlers:
handler.addFilter(BlacklistFilter())
handler.addFilter(PublicIPFilter())
# Install exception hooks # Install exception hooks
initHooks() initHooks()

3
plexpy/webserve.py
View file

@ -1180,6 +1180,7 @@ class WebInterface(object):
"backup_dir": plexpy.CONFIG.BACKUP_DIR, "backup_dir": plexpy.CONFIG.BACKUP_DIR,
"cache_dir": plexpy.CONFIG.CACHE_DIR, "cache_dir": plexpy.CONFIG.CACHE_DIR,
"log_dir": plexpy.CONFIG.LOG_DIR, "log_dir": plexpy.CONFIG.LOG_DIR,
"log_blacklist": checked(plexpy.CONFIG.LOG_BLACKLIST),
"check_github": checked(plexpy.CONFIG.CHECK_GITHUB), "check_github": checked(plexpy.CONFIG.CHECK_GITHUB),
"interface_list": interface_list, "interface_list": interface_list,
"cache_sizemb": plexpy.CONFIG.CACHE_SIZEMB, "cache_sizemb": plexpy.CONFIG.CACHE_SIZEMB,
@ -1282,7 +1283,7 @@ class WebInterface(object):
"ip_logging_enable", "movie_logging_enable", "tv_logging_enable", "music_logging_enable", "ip_logging_enable", "movie_logging_enable", "tv_logging_enable", "music_logging_enable",
"pms_is_remote", "home_stats_type", "group_history_tables", "notify_consecutive", "notify_upload_posters", "pms_is_remote", "home_stats_type", "group_history_tables", "notify_consecutive", "notify_upload_posters",
"notify_recently_added", "notify_recently_added_grandparent", "notify_recently_added", "notify_recently_added_grandparent",
"monitor_pms_updates", "monitor_remote_access", "get_file_sizes" "monitor_pms_updates", "monitor_remote_access", "get_file_sizes", "log_blacklist"
] ]
for checked_config in checked_configs: for checked_config in checked_configs:
if checked_config not in kwargs: if checked_config not in kwargs: