Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redact tokens, etc. in url parameters from request logs #1212

Merged
merged 1 commit into from
Feb 15, 2023
Merged

Redact tokens, etc. in url parameters from request logs #1212

merged 1 commit into from
Feb 15, 2023

Conversation

minrk
Copy link
Contributor

@minrk minrk commented Feb 15, 2023

replaces ?token=abc123 with ?token=[secret] in logs to avoid logging things like auth tokens.

adapted from jupyterhub

@minrk
redact tokens, etc. from request logs
87c2091 
replaces `?token=abc123` with `?token=[secret]` in logs
@codecov
Copy link

codecov bot commented Feb 15, 2023
edited
Loading

Codecov Report

Base: 80.49% // Head: 80.46% // Decreases project coverage by -0.04% ⚠️

Coverage data is based on head (87c2091) compared to base (ee6c660).
Patch coverage: 66.66% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1212      +/-   ##
==========================================
- Coverage   80.49%   80.46%   -0.04%     
==========================================
  Files          68       68              
  Lines        8117     8134      +17     
  Branches     1581     1586       +5     
==========================================
+ Hits         6534     6545      +11     
- Misses       1170     1174       +4     
- Partials      413      415       +2
Impacted Files Coverage Δ
jupyter_server/log.py 89.09% <66.66%> (-10.91%) ⬇️
jupyter_server/serverapp.py 79.96% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@blink1073 blink1073 added the bug label Feb 15, 2023
blink1073
blink1073 approved these changes Feb 15, 2023
View reviewed changes
Copy link
Contributor

@blink1073 blink1073 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@blink1073 blink1073 changed the title redact tokens, etc. in url parameters from request logs Redact tokens, etc. in url parameters from request logs Feb 15, 2023
@blink1073 blink1073 merged commit 968c56c into jupyter-server:main Feb 15, 2023
@blink1073
Copy link
Contributor

@meeseeksdev please backport to 1.x

@lumberbot-app
Copy link

lumberbot-app bot commented Feb 15, 2023

Owee, I'm MrMeeseeks, Look at me.

There seem to be a conflict, please backport manually. Here are approximate instructions:

  1. Checkout backport branch and update it.
git checkout 1.x
git pull
  1. Cherry pick the first parent branch of the this PR on top of the older branch:
git cherry-pick -x -m1 968c56c8c69aa545f7fe93243331fe140dac7c90
  1. You will likely have some merge/cherry-pick conflict here, fix them and commit:
git commit -am 'Backport PR #1212: Redact tokens, etc. in url parameters from request logs'
  1. Push to a named branch:
git push YOURFORK 1.x:auto-backport-of-pr-1212-on-1.x
  1. Create a PR against branch 1.x, I would have named this PR:

"Backport PR #1212 on branch 1.x (Redact tokens, etc. in url parameters from request logs)"

And apply the correct labels and milestones.

Congratulations — you did some good work! Hopefully your backport PR will be tested by the continuous integration and merged soon!

Remember to remove the Still Needs Manual Backport label once the PR gets merged.

If these instructions are inaccurate, feel free to suggest an improvement.

blink1073 pushed a commit to blink1073/jupyter_server that referenced this pull request Feb 15, 2023
@minrk @blink1073
Backport PR jupyter-server#1212: Redact tokens, etc. in url parameter…
fc0eba7 
…s from request logs

replaces `?token=abc123` with `?token=[secret]` in logs

(cherry picked from commit 968c56c)
blink1073 added a commit that referenced this pull request Feb 15, 2023
@blink1073 @minrk
Backport PR #1212: Redact tokens, etc. in url parameters from request…
75bbefa 
… logs (#1214)

replaces `?token=abc123` with `?token=[secret]` in logs

(cherry picked from commit 968c56c)

Co-authored-by: Min RK <[email protected]>
@isaackwy isaackwy mentioned this pull request Feb 17, 2023
Closed
@lresende lresende mentioned this pull request Mar 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blink1073 blink1073 blink1073 approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@minrk @blink1073