changeset 42459:d3c81439e2ee

phabricator: auto-sanitise API tokens and HTTP cookies from VCR recordings Currently when making VCR recordings one needs to manually sanitise sensitive credentials before committing and submitting them as part of tests. It is easy to imagine this being accidentally missed one time by a fallible human and said credentials being leaked. It is also possible that it wouldn't be noticed to alert the user to the leak since the recording files are so large and practically unreviewable. Thus do so automatically, so the only place that needs checking is in the test-phabricator.t file. Differential Revision: https://phab.mercurial-scm.org/D6513
author Ian Moody <moz-ian@perix.co.uk>
date Tue, 11 Jun 2019 19:37:19 +0100
parents c1bf63ac30c5
children f33d3ee110da
files hgext/phabricator.py tests/test-phabricator.t
diffstat 2 files changed, 17 insertions(+), 2 deletions(-) [+]
--- a/hgext/phabricator.py	Tue Jun 11 15:46:07 2019 +0300
+++ b/hgext/phabricator.py	Tue Jun 11 19:37:19 2019 +0100
@@ -134,6 +134,19 @@
         r2params = r2.body.split(b'&')
         return set(r1params) == set(r2params)
 
+    def sanitiserequest(request):
+        request.body = re.sub(
+            r'cli-[a-z0-9]+',
+            r'cli-hahayouwish',
+            request.body
+        )
+        return request
+
+    def sanitiseresponse(response):
+        if r'set-cookie' in response[r'headers']:
+            del response[r'headers'][r'set-cookie']
+        return response
+
     def decorate(fn):
         def inner(*args, **kwargs):
             cassette = pycompat.fsdecode(kwargs.pop(r'test_vcr', None))
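Review bot: `sanitiserequest` hands a native-str pattern and replacement to `re.sub` while `request.body` is bytes (the matcher just above splits `r2.body` on `b'&'`), so under Python 3 the hook raises TypeError before anything is recorded and only works on Python 2 because str and bytes coincide there; the pattern and replacement should be `br'cli-[a-z0-9]+'` and `b'cli-hahayouwish'`. A request without a body presumably carries `body = None`, which `re.sub` also rejects, so the substitution is better wrapped as `if request.body:` followed by `request.body = re.sub(br'cli-[a-z0-9]+', b'cli-hahayouwish', request.body)`. `sanitiseresponse` only removes a lower-case `set-cookie` key; if vcr keeps header names as the server sent them, a `Set-Cookie` header would survive into the recording, so matching the key case-insensitively is safer. Since only `cli-` tokens in the request body are scrubbed (a conduit token with another prefix, such as `api-`, would pass through if one were ever configured), a one-line comment on `sanitiserequest` saying so would make clear that the check in test-phabricator.t remains the backstop. Both helpers are nested in a function whose definition starts outside the hunk.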
@@ -144,6 +157,8 @@
                     import vcr.stubs as stubs
                     vcr = vcrmod.VCR(
                         serializer=r'json',
+                        before_record_request=sanitiserequest,
+                        before_record_response=sanitiseresponse,
                         custom_patches=[
                             (urlmod, r'httpconnection',
                              stubs.VCRHTTPConnection),
--- a/tests/test-phabricator.t	Tue Jun 11 15:46:07 2019 +0300
+++ b/tests/test-phabricator.t	Tue Jun 11 19:37:19 2019 +0100
@@ -15,8 +15,8 @@
   > hgphab.prefix = phab.mercurial-scm.org
   > # When working on the extension and making phabricator interaction
   > # changes, edit this to be a real phabricator token. When done, edit
-  > # it back, and make sure to also edit your VCR transcripts to match
-  > # whatever value you put here.
+  > # it back. The VCR transcripts will be auto-sanitised to replace your real
+  > # token with this value.
   > hgphab.phabtoken = cli-hahayouwish
   > EOF
   $ VCR="$TESTDIR/phabricator"