From 56a9c55a3f2919d0dcc93639c23df169aafc240a Mon Sep 17 00:00:00 2001
From: Mehdi Abaakouk <mehdi.abaakouk@enovance.com>
Date: Wed, 24 Sep 2014 17:18:39 +0200
Subject: [PATCH] safe_log Sanitize Passwords in List of Dicts

Sanitizes password fields found in lists of dicts for messages
before logging.

This change uses oslo.utils.strutils.mask_password to do it.

Change-Id: I7cd1e53e2ced7ebf9c5942b7a0dbbeb991acab4d
Closes-Bug: #1268459
---
 oslo/messaging/_drivers/common.py | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)

diff --git a/oslo/messaging/_drivers/common.py b/oslo/messaging/_drivers/common.py
index 4d0b7a1e7..fa21a437d 100644
--- a/oslo/messaging/_drivers/common.py
+++ b/oslo/messaging/_drivers/common.py
@@ -27,6 +27,7 @@ from oslo import messaging
 from oslo.messaging._i18n import _
 from oslo.messaging import _utils as utils
 from oslo.serialization import jsonutils
+from oslo.utils import strutils
 
 LOG = logging.getLogger(__name__)
 
@@ -70,8 +71,6 @@ _MESSAGE_KEY = 'oslo.message'
 
 _REMOTE_POSTFIX = '_Remote'
 
-_SANITIZE = ['_context_auth_token', 'auth_token', 'new_pass']
-
 
 class RPCException(Exception):
     msg_fmt = _("An unknown RPC related exception occurred.")
@@ -162,22 +161,9 @@ class Connection(object):
         raise NotImplementedError()
 
 
-def _fix_passwords(d):
-    """Sanitizes the password fields in the dictionary."""
-    for k in six.iterkeys(d):
-        if k.lower().find('password') != -1:
-            d[k] = '<SANITIZED>'
-        elif k.lower() in _SANITIZE:
-            d[k] = '<SANITIZED>'
-        elif isinstance(d[k], dict):
-            _fix_passwords(d[k])
-
-    return d
-
-
 def _safe_log(log_func, msg, msg_data):
     """Sanitizes the msg_data field before logging."""
-    return log_func(msg, _fix_passwords(copy.deepcopy(msg_data)))
+    return log_func(msg, strutils.mask_password(six.text_type(msg_data)))
 
 
 def serialize_remote_exception(failure_info, log_failure=True):