D6513: phabricator: auto-sanitise API tokens and HTTP cookies from VCR recordings
Kwan (Ian Moody)
phabricator at mercurial-scm.org
Tue Jun 11 18:56:45 UTC 2019
Kwan created this revision.
Herald added a subscriber: mercurial-devel.
Herald added a reviewer: hg-reviewers.
REVISION SUMMARY
Currently when making VCR recordings one needs to manually sanitise sensitive
credentials before committing and submitting them as part of tests. It is easy
to imagine this being accidentally missed one time by a fallible human and said
credentials being leaked. It is also possible that it wouldn't be noticed to
alert the user to the leak since the recording files are so large and
practically unreviewable. Thus do so automatically, so the only place that needs
checking is in the test-phabricator.t file.
REPOSITORY
rHG Mercurial
REVISION DETAIL
https://phab.mercurial-scm.org/D6513
AFFECTED FILES
hgext/phabricator.py
tests/test-phabricator.t
CHANGE DETAILS
diff --git a/tests/test-phabricator.t b/tests/test-phabricator.t
--- a/tests/test-phabricator.t
+++ b/tests/test-phabricator.t
@@ -15,8 +15,8 @@
> hgphab.prefix = phab.mercurial-scm.org
> # When working on the extension and making phabricator interaction
> # changes, edit this to be a real phabricator token. When done, edit
- > # it back, and make sure to also edit your VCR transcripts to match
- > # whatever value you put here.
+ > # it back. The VCR transcripts will be auto-sanitised to replace your real
+ > # token with this value.
> hgphab.phabtoken = cli-hahayouwish
> EOF
$ VCR="$TESTDIR/phabricator"
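Review bot: the reworded comment should still tell the reader that this file is the one place left to check before committing, as the summary says; suggest adding a sentence that `hgphab.phabtoken` must be restored to `cli-hahayouwish` here, since that is exactly the sentinel the recorded cassettes will contain after sanitisation, and that the automatic replacement only covers tokens of the `cli-...` form.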
diff --git a/hgext/phabricator.py b/hgext/phabricator.py
--- a/hgext/phabricator.py
+++ b/hgext/phabricator.py
@@ -134,6 +134,19 @@
r2params = r2.body.split(b'&')
return set(r1params) == set(r2params)
+ def sanitiserequest(request):
+ request.body = re.sub(
+ r'cli-[a-z0-9]+',
+ r'cli-hahayouwish',
+ request.body
+ )
+ return request
+
+ def sanitiseresponse(response):
+ if r'set-cookie' in response[r'headers']:
+ del response[r'headers'][r'set-cookie']
+ return response
+
def decorate(fn):
def inner(*args, **kwargs):
cassette = pycompat.fsdecode(kwargs.pop(r'test_vcr', None))
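Review bot: `sanitiserequest` calls `re.sub` on `request.body` without guarding against an empty body; if the recorder hands over a request with `body` set to `None` (a GET with no payload), `re.sub` raises `TypeError` and the recording aborts. Suggest `if request.body:` around the substitution. Also worth confirming the body type under Python 3: the pattern `r'cli-[a-z0-9]+'` is a native text string under the `r''` convention, and `re.sub` refuses a text pattern on a bytes body, so the body may need decoding (or the pattern made bytes) for the filter to run at all. Note too that `sanitiseresponse` only strips `set-cookie`; a token echoed back in a response body would not be scrubbed, which is fine as long as the commit message states that only request bodies are sanitised.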
@@ -144,6 +157,8 @@
import vcr.stubs as stubs
vcr = vcrmod.VCR(
serializer=r'json',
+ before_record_request=sanitiserequest,
+ before_record_response=sanitiseresponse,
custom_patches=[
(urlmod, r'httpconnection',
stubs.VCRHTTPConnection),
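Review bot: this wiring silently depends on the sentinel in `sanitiserequest` being byte-for-byte the same as `hgphab.phabtoken` in the test (`cli-hahayouwish`), because the custom matcher above compares request body parameters (`set(r1params) == set(r2params)`) against the already-sanitised cassette. The literal is now duplicated across hgext/phabricator.py and tests/test-phabricator.t; consider hoisting it into one module-level constant and adding a comment here that states the dependency, so a future edit to one copy does not break playback.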
To: Kwan, #hg-reviewers
Cc: mercurial-devel