Mercurial > hg
comparison hgext/phabricator.py @ 42443:d3c81439e2ee
phabricator: auto-sanitise API tokens and HTTP cookies from VCR recordings
Currently when making VCR recordings one needs to manually sanitise sensitive
credentials before committing and submitting them as part of tests. It is easy
to imagine this being accidentally missed one time by a fallible human and said
credentials being leaked. It is also possible that it wouldn't be noticed to
alert the user to the leak since the recording files are so large and
practically unreviewable. Thus do so automatically, so the only place that needs
checking is in the test-phabricator.t file.
Differential Revision: https://phab.mercurial-scm.org/D6513
| author | Ian Moody <moz-ian@perix.co.uk> |
|---|---|
| date | Tue, 11 Jun 2019 19:37:19 +0100 |
| parents | 16312ea45a8b |
| children | f33d3ee110da |
comparison
equal
deleted
inserted
replaced
| 42442:c1bf63ac30c5 | 42443:d3c81439e2ee |
|---|---|
| 132 return False | 132 return False |
| 133 r1params = r1.body.split(b'&') | 133 r1params = r1.body.split(b'&') |
| 134 r2params = r2.body.split(b'&') | 134 r2params = r2.body.split(b'&') |
| 135 return set(r1params) == set(r2params) | 135 return set(r1params) == set(r2params) |
| 136 | 136 |
| 137 def sanitiserequest(request): | |
| 138 request.body = re.sub( | |
| 139 r'cli-[a-z0-9]+', | |
| 140 r'cli-hahayouwish', | |
| 141 request.body | |
| 142 ) | |
| 143 return request | |
| 144 | |
| 145 def sanitiseresponse(response): | |
| 146 if r'set-cookie' in response[r'headers']: | |
| 147 del response[r'headers'][r'set-cookie'] | |
| 148 return response | |
| 149 | |
| 137 def decorate(fn): | 150 def decorate(fn): |
| 138 def inner(*args, **kwargs): | 151 def inner(*args, **kwargs): |
| 139 cassette = pycompat.fsdecode(kwargs.pop(r'test_vcr', None)) | 152 cassette = pycompat.fsdecode(kwargs.pop(r'test_vcr', None)) |
| 140 if cassette: | 153 if cassette: |
| 141 import hgdemandimport | 154 import hgdemandimport |
| 142 with hgdemandimport.deactivated(): | 155 with hgdemandimport.deactivated(): |
| 143 import vcr as vcrmod | 156 import vcr as vcrmod |
| 144 import vcr.stubs as stubs | 157 import vcr.stubs as stubs |
| 145 vcr = vcrmod.VCR( | 158 vcr = vcrmod.VCR( |
| 146 serializer=r'json', | 159 serializer=r'json', |
| 160 before_record_request=sanitiserequest, | |
| 161 before_record_response=sanitiseresponse, | |
| 147 custom_patches=[ | 162 custom_patches=[ |
| 148 (urlmod, r'httpconnection', | 163 (urlmod, r'httpconnection', |
| 149 stubs.VCRHTTPConnection), | 164 stubs.VCRHTTPConnection), |
| 150 (urlmod, r'httpsconnection', | 165 (urlmod, r'httpsconnection', |
| 151 stubs.VCRHTTPSConnection), | 166 stubs.VCRHTTPSConnection), |