Filter out tokens/keys/passwords from logger

2025-07-08 06:00:51 -07:00 · 2016-03-15 23:49:35 -07:00 · 2016-03-15 23:49:35 -07:00 · ed8c7c1052
commit ed8c7c1052
parent 498a074222
2 changed files with 42 additions and 0 deletions
--- a/plexpy/config.py
+++ b/plexpy/config.py
@ -432,6 +432,9 @@ _CONFIG_DEFINITIONS = {
    'XBMC_ON_PMSUPDATE': (int, 'XBMC', 0)
 }

+_BLACKLIST_KEYS = ['_APITOKEN', '_TOKEN', '_KEY', '_SECRET', '_PASSWORD', '_APIKEY', '_ID']
+_WHITELIST_KEYS = ['HTTPS_KEY', 'UPDATE_SECTION_IDS']
+

 # pylint:disable=R0902
 # it might be nice to refactor for fewer instance variables
@ -445,6 +448,18 @@ class Config(object):
        for key in _CONFIG_DEFINITIONS.keys():
            self.check_setting(key)
        self._upgrade()
+        self._blacklist()
+
+    def _blacklist(self):
+        """ Add tokens and passwords to blacklisted words in logger """
+        blacklist = []
+
+        for key, subkeys in self._config.iteritems():
+            for subkey, value in subkeys.iteritems():
+                if value and subkey.upper() not in _WHITELIST_KEYS and any(bk in subkey.upper() for bk in _BLACKLIST_KEYS):
+                    blacklist.append(value)
+
+        plexpy.logger._BLACKLIST_WORDS = blacklist

    def _define(self, name):
        key = name.upper()
@ -504,6 +519,8 @@ class Config(object):
        except IOError as e:
            plexpy.logger.error("Error writing configuration file: %s", e)

+        self._blacklist()
+
    def __getattr__(self, name):
        """
        Returns something from the ini unless it is a real property
--- a/plexpy/logger.py
+++ b/plexpy/logger.py
@ -33,6 +33,8 @@ FILENAME = "plexpy.log"
 MAX_SIZE = 1000000 # 1 MB
 MAX_FILES = 5

+_BLACKLIST_WORDS = []
+
 # PlexPy logger
 logger = logging.getLogger("plexpy")

@ -62,6 +64,26 @@ class NoThreadFilter(logging.Filter):
        return not record.threadName == self.threadName


+# Taken from Hellowlol/HTPC-Manager
+class BlacklistFilter(logging.Filter):
+    """
+    Log filter for blacklisted tokens and passwords
+    """
+    def __init__(self):
+        pass
+
+    def filter(self, record):
+        for item in _BLACKLIST_WORDS:
+            try:
+                if item in record.msg:
+                    record.msg = record.msg.replace(item[:-2], 8 * '*')
+                if any(item in str(arg) for arg in record.args):
+                    record.args = tuple(arg.replace(item[:-2], 8 * '*') for arg in record.args)
+            except:
+                pass
+        return True
+
+
@contextlib.contextmanager
 def listener():
    """
@ -153,6 +175,7 @@ def initLogger(console=False, log_dir=False, verbose=False):
    # Add list logger
    loglist_handler = LogListHandler()
    loglist_handler.setLevel(logging.DEBUG)
+    loglist_handler.addFilter(BlacklistFilter())

    logger.addHandler(loglist_handler)

@ -164,6 +187,7 @@ def initLogger(console=False, log_dir=False, verbose=False):
        file_handler = handlers.RotatingFileHandler(filename, maxBytes=MAX_SIZE, backupCount=MAX_FILES)
        file_handler.setLevel(logging.DEBUG)
        file_handler.setFormatter(file_formatter)
+        file_handler.addFilter(BlacklistFilter())

        logger.addHandler(file_handler)

@ -173,6 +197,7 @@ def initLogger(console=False, log_dir=False, verbose=False):
        console_handler = logging.StreamHandler()
        console_handler.setFormatter(console_formatter)
        console_handler.setLevel(logging.DEBUG)
+        console_handler.addFilter(BlacklistFilter())

        logger.addHandler(console_handler)