logging: add secret masking
authorJason Ish <ish@unx.ca>
Tue, 28 Nov 2017 22:44:47 +0000 (16:44 -0600)
committerJason Ish <ish@unx.ca>
Wed, 29 Nov 2017 01:36:24 +0000 (19:36 -0600)
Allows strings to be registered that will be masked
in the log output.

suricata/update/loghandler.py

index cf460a382165463d94874b3814a8e217e72b38ce..d98577767478f94dde538ef28767b8da106a259a 100644 (file)
 import logging
 import time
 
+# A list of secrets that will be replaced in the log output.
+secrets = {}
+
+def add_secret(secret, replacement):
+    """Register a secret to be masked. The secret will be replaced with:
+           <replacement>
+    """
+    secrets[str(secret)] = str(replacement)
+
 class SuriColourLogHandler(logging.StreamHandler):
     """An alternative stream log handler that logs with Suricata inspired
     log colours."""
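Review bot: `add_secret` accepts an empty value, and once `secrets[""]` exists the later `msg.replace("", ...)` inserts the replacement between every character of each log line; passing `None` likewise registers the literal string `None`, which would then be masked wherever it appears. A guard before the assignment, `if secret is None or str(secret) == "": return`, avoids both. The comment above `secrets` calls it a list although it is a dict keyed by the secret text, and the name shadows the standard-library `secrets` module inside this file; `# Maps each secret string to the label shown in its place in log output.` would describe it accurately.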
@@ -61,5 +70,10 @@ class SuriColourLogHandler(logging.StreamHandler):
             record.levelname.title(),
             self.RESET,
             message_prefix,
-            record.getMessage(),
+            self.mask_secrets(record.getMessage()),
             self.RESET))
+
+    def mask_secrets(self, msg):
+        for secret in secrets:
+            msg = msg.replace(secret, "<%s>" % secrets[secret])
+        return msg
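Review bot: Masking is implemented as a method of `SuriColourLogHandler`, so only records emitted through this handler are covered; any other handler attached to the logger (a plain stream or file handler, if the program configures one) would presumably still write the raw message. Putting the replacement in a module-level function or a `logging.Filter` that every handler uses would close that gap. In the loop, dict iteration order decides the result when one registered secret is a substring of another: replacing the shorter one first leaves the remainder of the longer secret in the output, so `for secret in sorted(secrets, key=len, reverse=True):` is safer. Only `record.getMessage()` is masked in the visible lines; whether traceback text is written elsewhere cannot be seen here, because the enclosing method starts outside the hunk.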