8000 Jac/redact embedded creds by jacalata · Pull Request #1035 · tableau/server-client-python · GitHub
[go: up one dir, main page]

Skip to content

Jac/redact embedded creds #1035

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
May 26, 2022
Merged

Jac/redact embedded creds #1035

merged 18 commits into from
May 26, 2022

Conversation

jacalata
Copy link
Contributor
@jacalata jacalata commented May 8, 2022

call a redaction method before logging workbook/ds file contents to overwrite embedded credentials with junk (fixes #1024 for real)
does not work in 3.6

jacalata added 5 commits May 8, 2022 00:57
Use it to remove passwords from logs with publish requests and responses, which can contain embedded credentials.
skip redaction for python 3.6 b/c it doesn't do single dispatch
@jacalata jacalata requested a review from vogelsgesang May 9, 2022 08:37
jacalata added 4 commits May 14, 2022 20:13
add python version enforcement in setup.py
but don't bother redacting the word "password"
@t8y8
Copy link
Collaborator
t8y8 commented May 15, 2022

The approach breaks my brain a little -- given that workbooks/datasources have been XML for ~15 years and probably will remain so, I would advocate an approach where we just strip any element or attribute with a tag name or attribute name of 'password', 'secret' etc.

It would protect you from parsing xml manually and be easier to troubleshoot in the future I think.

Something like
root.findall(".//[@password]" should do it

Copy link
@mwhagedorn mwhagedorn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, couple minor questions, no blockers

@jacalata jacalata requested a review from vogelsgesang May 25, 2022 21:19
jacalata added 3 commits May 26, 2022 15:36
I noticed that dqw didn't have any tests, and I hadn't covered the "redact a not-xml string" case
@jacalata jacalata merged commit 5d82410 into development May 26, 2022
@jacalata jacalata deleted the jac/redact_embedded_creds branch May 26, 2022 23:32
jacalata added a commit that referenced this pull request Jun 1, 2022
* add redaction method to remove passwords when logging requests and responses, which can contain embedded credentials.
* remove support for python 3.6 (add python version enforcement in setup.py)
jacalata added a commit that referenced this pull request Jun 6, 2022
* add redaction method to remove passwords when logging requests and responses, which can contain embedded credentials.
* remove support for python 3.6 (add python version enforcement in setup.py)
jacalata added a commit that referenced this pull request Sep 20, 2022
* add redaction method to remove passwords when logging requests and responses, which can contain embedded credentials.
* remove support for python 3.6 (add python version enforcement in setup.py)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

When we publish workbooks or datasources and use debug mode, user and password are displayed in plain text
4 participants
0