Hide sensitive information in web-request logs such as API keys. (NB:…
… only for Internal Data Providers).
Damien Haynes committed Jan 21, 2020
1 parent a41fccc commit 6e2a66c
Showing 2 changed files with 25 additions and 5 deletions.
19 changes: 14 additions & 5 deletions Cornerstone/Tools/WebGrabber.cs
@@ -1,4 +1,5 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Reflection;
Expand All @@ -17,6 +18,7 @@ public class WebGrabber {
private static int unsafeHeaderUserCount;
private static object lockingObj;
private string requestUrl;
private string maskedRequestUrl;

#endregion

Expand Down Expand Up @@ -166,14 +168,14 @@ public bool GetResponse() {
// all other status codes mostly indicate problems that won't be
// solved within the retry period so fail these immediatly
default:
logger.Error("Connection failed: URL={0}, Status={1}, Description={2}.", requestUrl, statusCode, ((HttpWebResponse)e.Response).StatusDescription);
logger.Error("Connection failed: URL={0}, Status={1}, Description={2}.", maskedRequestUrl, statusCode, ((HttpWebResponse)e.Response).StatusDescription);
return false;
}
}

// Return when hitting maximum retries.
if (tryCount == maxRetries) {
logger.Warn("Connection failed: Reached retry limit of " + maxRetries + ". URL=" + requestUrl);
logger.Warn("Connection failed: Reached retry limit of " + maxRetries + ". URL=" + maskedRequestUrl );
return false;
}

Expand Down Expand Up @@ -205,15 +207,15 @@ public bool GetResponse() {
cookieHeader = request.CookieContainer.GetCookieHeader(request.RequestUri);

// Debug
if (_debug) logger.Debug("GetResponse: URL={0}, UserAgent={1}, CookieHeader={2}, Accept={3}", requestUrl, userAgent, cookieHeader, _accept);
if (_debug) logger.Debug("GetResponse: URL={0}, UserAgent={1}, CookieHeader={2}, Accept={3}", maskedRequestUrl, userAgent, cookieHeader, _accept);

// disable unsafe header parsing if it was enabled
if (_allowUnsafeHeader) SetAllowUnsafeHeaderParsing(false);

return true;
}
catch (Exception e) {
logger.Warn("Unexpected error getting http response from '{0}': {1}", requestUrl, e.Message);
logger.Warn("Unexpected error getting http response from '{0}': {1}", maskedRequestUrl, e.Message);
return false;
}
}
Expand Down Expand Up @@ -281,7 +283,7 @@ public XmlNodeList GetXML(string rootNode) {
xml.LoadXml(data);
}
catch (XmlException e) {
logger.ErrorException("XML Parse error: URL=" + requestUrl, e);
logger.ErrorException("XML Parse error: URL=" + maskedRequestUrl, e);
return null;
}

Expand All @@ -300,6 +302,13 @@ public XmlNodeList GetXML(string rootNode) {

}

public void SetMaskedKeysForLogger(List<string> aKeys) {
maskedRequestUrl = requestUrl;
foreach (string key in aKeys) {
maskedRequestUrl = maskedRequestUrl.Replace( key, "<apikey>" );
}
}

#endregion

#region Private methods
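Review bot: As far as these hunks show, `maskedRequestUrl` is assigned only inside `SetMaskedKeysForLogger` (last hunk), so a WebGrabber whose caller never invokes that method would log no URL at all in the five changed log calls, and a `requestUrl` set after the call would be logged from a stale copy. Deriving the masked value at log time from a stored key list, or at least initialising the field wherever `requestUrl` is assigned (outside these hunks), would avoid both. The method is public and `string.Replace` throws on a null or empty key, so the loop should skip those, e.g. `if (string.IsNullOrEmpty(key)) continue;`. The debug line in `GetResponse` still writes `cookieHeader` unmasked, which may carry session values and deserves the same treatment.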
11 changes: 11 additions & 0 deletions MovingPictures/LocalMediaManagement/Utility.cs
Expand Up @@ -198,6 +198,17 @@ public static WebGrabber GetWebGrabberInstance(string url) {
grabber.MaxRetries = MovingPicturesCore.Settings.MaxTimeouts;
grabber.Timeout = MovingPicturesCore.Settings.TimeoutLength;
grabber.TimeoutIncrement = MovingPicturesCore.Settings.TimeoutIncrement;

// hide sensitive data
List<string> lMaskedKeys = new List<string>();
lMaskedKeys.Add( "4f26c36ab3d97e3a4a0c1e081710e3a6" ); // fanart.tv api key
lMaskedKeys.Add( "cc25933c4094ca50635f94574491f320" ); // themoviedb.org api key

if (!string.IsNullOrWhiteSpace( MovingPicturesCore.Settings.FanartTVClientKey )) {
lMaskedKeys.Add( MovingPicturesCore.Settings.FanartTVClientKey ); // fanart.tv user key
}
grabber.SetMaskedKeysForLogger( lMaskedKeys );

return grabber;
}

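Review bot: The two provider keys added to `lMaskedKeys` are string literals, so masking only works while these copies stay identical to whatever values the request URLs are built from (not visible in this hunk). A rotated or newly added key would reappear in the logs without any error. Referencing the same constants or settings that the URL-building code uses would keep the two in sync, and redacting by query-parameter name rather than by known value would also cover keys not listed here. Because the provider keys are committed to source, the masking mainly protects the user's own `FanartTVClientKey`; the embedded values stay readable from the repository regardless of what the logs show.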
