feat: Sanitize proxy credentials

Closes: SDK-2823
box · Dec 21, 2022 · 44c82cf · 44c82cf
1 parent 8d218c3
commit 44c82cf
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/boxsdk/util/log.py b/boxsdk/util/log.py
@@ -1,4 +1,5 @@
 import logging
+import re
 import sys
 
 from collections.abc import Mapping
@@ -25,6 +26,11 @@ class Logging:
         'password',
     )
 
+    PROXY_KEYS_TO_SANITIZE = (
+        'http',
+        'https',
+    )
+
     def setup_logging(self, stream_or_file=_no_logger, debug=False, name=None):
         if not self._has_setup:
             self._has_setup = True
@@ -43,13 +49,23 @@ def _setup_logging(stream_or_file=_no_logger, debug=False, name=None):
     def sanitize_value(value):
         return f'---{value[-4:]}'
 
-    def sanitize_dictionary(self, dictionary):
+    @staticmethod
+    def sanitize_proxy_value(value: str) -> str:
+        return re.sub(
+            '^(.*://)(.*):(.*)(@.*)$',
+            lambda repl: f'{repl.group(1)}{Logging.sanitize_value(repl.group(2))}:{Logging.sanitize_value(repl.group(3))}{repl.group(4)}',
+            value
+        )
+
+    def sanitize_dictionary(self, dictionary: Mapping) -> Mapping:
         if not isinstance(dictionary, Mapping):
             return dictionary
         sanitized_dictionary = {}
         for key, value in dictionary.items():
             if key in self.KEYS_TO_SANITIZE and isinstance(value, str):
                 sanitized_dictionary[key] = self.sanitize_value(value)
+            elif key in self.PROXY_KEYS_TO_SANITIZE and isinstance(value, str):
+                sanitized_dictionary[key] = self.sanitize_proxy_value(value)
             elif isinstance(value, Mapping):
                 sanitized_dictionary[key] = self.sanitize_dictionary(value)
             else:

diff --git a/test/unit/util/test_log.py b/test/unit/util/test_log.py
@@ -102,6 +102,16 @@ def test_setup_logging_is_reentrant(mock_logger):
             {'download_url': None},
             {'download_url': None},
         ),
+        # Test for proxy http
+        (
+            {'http': 'http://username:password@localhost:8080'},
+            {'http': 'http://---name:---word@localhost:8080'},
+        ),
+        # Test for proxy https
+        (
+            {'https': 'http://username:password@localhost:8080'},
+            {'https': 'http://---name:---word@localhost:8080'},
+        ),
     ]
 )
 def test_sanitize_dictionary_correctly_sanitizes_params(mock_logger, unsanitized_dict, expected_result):