Merge PR #10 into 14.0
Signed-off-by simahawk
OCA-git-bot committed Oct 24, 2023
2 parents 8e23769 + 9a068eb commit 8661ba9
Showing 4 changed files with 52 additions and 0 deletions.
12 changes: 12 additions & 0 deletions webservice/components/request_adapter.py
Expand Up @@ -3,10 +3,16 @@
# @author Simone Orsi <simahawk@gmail.com>
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).

import logging

import requests

from odoo.addons.component.core import Component

from ..utils import sanitize_url_for_log

_logger = logging.getLogger(__name__)


class BaseRestRequestsAdapter(Component):
"""Generic adapter for HTTP requests."""
Expand All @@ -18,6 +24,9 @@ class BaseRestRequestsAdapter(Component):
# TODO: url and url_params could come from work_ctx
def _request(self, method, url=None, url_params=None, **kwargs):
url = self._get_url(url=url, url_params=url_params)
# TODO: turn on/off debug from webservice setting?
url_to_log = self._sanitize_url_for_log(url)
_logger.info("%s call to %s", method, url_to_log)
new_kwargs = kwargs.copy()
new_kwargs.update(
{"auth": self._get_auth(**kwargs), "headers": self._get_headers(**kwargs)}
Expand All @@ -26,6 +35,9 @@ def _request(self, method, url=None, url_params=None, **kwargs):
request.raise_for_status()
return request.content

def _sanitize_url_for_log(self, url):
return sanitize_url_for_log(url)

def get(self, **kwargs):
return self._request("get", **kwargs)
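Review bot: The sanitized URL protects only the new `_logger.info` line in `_request`; the `request.raise_for_status()` call shown as context in the last hunk still raises `requests.HTTPError`, whose message embeds the full request URL. An `apikey=` or `password=` query parameter can therefore still reach the logs through any caller that logs or re-raises that exception. Consider catching it in `_request`, logging the sanitized form with `_logger.error("%s call to %s failed: %s", method, url_to_log, err.response.status_code)` and re-raising, and add a comment above `raise_for_status()` such as `# NOTE: HTTPError text contains the raw URL; do not log it verbatim`. The line that performs the HTTP call lies between the second and third hunks and is not visible here, so whether extra query parameters are passed through `kwargs` could not be checked.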

1 change: 1 addition & 0 deletions webservice/tests/__init__.py
@@ -1 +1,2 @@
from . import test_webservice
from . import test_utils
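--- a/webservice/tests/test_utils.py
+++ b/webservice/tests/test_utils.py
@@ -0,0 +1,14 @@
+# Copyright 2023 Camptocamp SA
+# @author Simone Orsi <simahawk@gmail.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+
+from odoo.tests.common import BaseCase
+
+from odoo.addons.webservice.utils import sanitize_url_for_log
+
+
+class TestUtils(BaseCase):
+def test_url_cleanup(self):
+url = "https://custom.url/?a=1&apikey=secret&password=moresecret"
+self.assertEqual(sanitize_url_for_log(url), "https://custom.url/?a=1")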
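Review bot: `test_url_cleanup` exercises only two of the three default keys, each in a single lowercase spelling, so the case-insensitive substring match and the `blacklisted_keys` override of `sanitize_url_for_log` are not pinned by any assertion. A regression in either would let a secret back into the log line without failing the suite. Add cases such as `self.assertEqual(sanitize_url_for_log("https://custom.url/?a=1&PWD=x"), "https://custom.url/?a=1")` and one call with `blacklisted_keys=("token",)` against a URL carrying `token=x`.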
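--- a/webservice/utils.py
+++ b/webservice/utils.py
@@ -0,0 +1,25 @@
+# Copyright 2023 Camptocamp SA
+# @author Simone Orsi <simahawk@gmail.com>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from urllib.parse import parse_qs, urlencode, urlparse, urlunparse
+
+
+def sanitize_url_for_log(url, blacklisted_keys=None):
+"""Sanitize url to avoid loggin sensitive data"""
+blacklisted_keys = blacklisted_keys or ("apikey", "password", "pwd")
+parsed = urlparse(url)
+query = parse_qs(parsed.query, keep_blank_values=False)
+clean_query = {}
+
+def is_blacklisted(k):
+for bl_key in blacklisted_keys:
+if bl_key.lower() in k.lower():
+return True
+
+for k, v in query.items():
+if not is_blacklisted(k):
+clean_query[k] = v
+
+parsed = parsed._replace(query=urlencode(clean_query, True))
+return urlunparse(parsed)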
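Review bot: `sanitize_url_for_log` filters only the query string, so credentials in the userinfo part of the URL (`https://user:secret@host/`) pass through `urlunparse` unchanged and would be logged. The final `_replace` could also drop that part: `parsed = parsed._replace(netloc=parsed.netloc.rpartition("@")[2], query=urlencode(clean_query, True))`. The default tuple `("apikey", "password", "pwd")` also misses common spellings such as `api_key`, `token` and `secret`, and the substring match does not make `apikey` cover `api_key`. Widening the defaults, for example to `("apikey", "api_key", "token", "secret", "password", "pwd")`, would close that gap for callers who pass no list. The docstring should state that matching is a case-insensitive substring test and that matching parameters are removed rather than masked.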
