diff hgext/phabricator.py @ 42459:d3c81439e2ee
phabricator: auto-sanitise API tokens and HTTP cookies from VCR recordings
Currently when making VCR recordings one needs to manually sanitise sensitive
credentials before committing and submitting them as part of tests. It is easy
to imagine this being accidentally missed one time by a fallible human and said
credentials being leaked. It is also possible that it wouldn't be noticed to
alert the user to the leak since the recording files are so large and
practically unreviewable. Thus do so automatically, so the only place that needs
checking is in the test-phabricator.t file.
Differential Revision: https://phab.mercurial-scm.org/D6513
author | Ian Moody <moz-ian@perix.co.uk> |
---|---|
date | Tue, 11 Jun 2019 19:37:19 +0100 |
parents | 16312ea45a8b |
children | f33d3ee110da |
--- a/hgext/phabricator.py Tue Jun 11 15:46:07 2019 +0300 +++ b/hgext/phabricator.py Tue Jun 11 19:37:19 2019 +0100 @@ -134,6 +134,19 @@ r2params = r2.body.split(b'&') return set(r1params) == set(r2params) + def sanitiserequest(request): + request.body = re.sub( + r'cli-[a-z0-9]+', + r'cli-hahayouwish', + request.body + ) + return request + + def sanitiseresponse(response): + if r'set-cookie' in response[r'headers']: + del response[r'headers'][r'set-cookie'] + return response + def decorate(fn): def inner(*args, **kwargs): cassette = pycompat.fsdecode(kwargs.pop(r'test_vcr', None)) @@ -144,6 +157,8 @@ import vcr.stubs as stubs vcr = vcrmod.VCR( serializer=r'json', + before_record_request=sanitiserequest, + before_record_response=sanitiseresponse, custom_patches=[ (urlmod, r'httpconnection', stubs.VCRHTTPConnection),
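Review bot: In sanitiserequest, the pattern and replacement given to re.sub are r'' strings, while the context line just above treats the body as bytes (r2.body.split(b'&')), so on Python 3 the substitution raises a TypeError whenever request.body is bytes, and it also fails if a request has no body at all. Suggest matching the body's type (for example br'cli-[a-z0-9]+' with a bytes replacement) and returning early when request.body is empty. In sanitiseresponse, the r'set-cookie' membership test is case-sensitive, so a header stored as Set-Cookie would stay in the recording; comparing lower-cased header names would cover both spellings.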
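Review bot: At the vcrmod.VCR(...) call, the two new hooks scrub the token only from the request body and cookies only from response headers, so a cookie header sent on a request, or a token that ends up in the request URI, would still be written to the cassette. Consider also passing vcrpy's filter_headers option for the request-side cookie header, and add a short comment at this call stating what is scrubbed, so the cli-hahayouwish placeholder seen in recordings is understood to be deliberate.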