From fc65820f9e9a9a39434bbef3f5e9251436d9b458 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Thu, 25 Jun 2015 19:57:52 -0300 Subject: [bug] log contains exported PGP private key Due to #7139 (the logbook log centralizer) logs from 3rd party libs are included in the centralized logs with lots of debug information and we don't want that. We use the existing silencer to exclude logs that are not from leap modules. - Resolves: #7185 --- .../bug-7185_log-contains-exported-pgp-private-key | 1 + src/leap/bitmask/logs/log_silencer.py | 82 +++++++++++++++------- 2 files changed, 57 insertions(+), 26 deletions(-) create mode 100644 changes/bug-7185_log-contains-exported-pgp-private-key diff --git a/changes/bug-7185_log-contains-exported-pgp-private-key b/changes/bug-7185_log-contains-exported-pgp-private-key new file mode 100644 index 00000000..1515cc3a --- /dev/null +++ b/changes/bug-7185_log-contains-exported-pgp-private-key @@ -0,0 +1 @@ +- Log contains exported PGP Private Key. Closes bug #7185. diff --git a/src/leap/bitmask/logs/log_silencer.py b/src/leap/bitmask/logs/log_silencer.py index 540532cb..da95e9b1 100644 --- a/src/leap/bitmask/logs/log_silencer.py +++ b/src/leap/bitmask/logs/log_silencer.py @@ -18,24 +18,31 @@ Filter for leap logs. """ import os -import re from leap.bitmask.util import get_path_prefix class SelectiveSilencerFilter(object): """ - Configurable filter for root leap logger. + Configurable log filter for a Logbook logger. - If you want to ignore components from the logging, just add them, - one by line, to ~/.config/leap/leap.dev.conf + To include certain logs add them to: + ~/.config/leap/leap_log_inclusion.dev.conf + + To exclude certain logs add them to: + ~/.config/leap/leap_log_exclusion.dev.conf + + The log filtering is based on how the module name starts. + In case of no inclusion or exclusion files are detected the default rules + will be used. """ # TODO we can augment this by properly parsing the log-silencer file # and having different sections: ignore, levels, ... # TODO use ConfigParser to unify sections [log-ignore] [log-debug] etc - CONFIG_NAME = "leap.dev.conf" + INCLUSION_CONFIG_FILE = "leap_log_inclusion.dev.conf" + EXCLUSION_CONFIG_FILE = "leap_log_exclusion.dev.conf" # Components to be completely silenced in the main bitmask logs. # You probably should think twice before adding a component to @@ -43,36 +50,47 @@ class SelectiveSilencerFilter(object): # only in those cases in which we gain more from silencing them than from # having their logs into the main log file that the user will likely send # to us. - SILENCER_RULES = ( + EXCLUSION_RULES = ( 'leap.common.events', 'leap.common.decorators', ) + # This tuple list the module names that we want to display, any different + # namespace will be filtered out. + INCLUSION_RULES = ( + '__main__', + 'leap.', # right now we just want to include logs from leap modules + 'twisted.', + ) + def __init__(self): """ Tries to load silencer rules from the default path, or load from the SILENCER_RULES tuple if not found. """ - self.rules = None - if os.path.isfile(self._rules_path): - self.rules = self._load_rules() - if not self.rules: - self.rules = self.SILENCER_RULES - - @property - def _rules_path(self): - """ - The configuration file for custom ignore rules. - """ - return os.path.join(get_path_prefix(), "leap", self.CONFIG_NAME) + self._inclusion_path = os.path.join(get_path_prefix(), "leap", + self.INCLUSION_CONFIG_FILE) + + self._exclusion_path = os.path.join(get_path_prefix(), "leap", + self.EXCLUSION_CONFIG_FILE) + + self._load_rules() def _load_rules(self): """ - Loads a list of paths to be ignored from the logging. + Load the inclusion and exclusion rules from the config files. """ - lines = open(self._rules_path).readlines() - return map(lambda line: re.sub('\s', '', line), - lines) + try: + with open(self._inclusion_path) as f: + self._inclusion_rules = f.read().splitlines() + except IOError: + self._inclusion_rules = self.INCLUSION_RULES + + try: + with open(self._exclusion_path) as f: + self._exclusion_rules = f.read().splitlines() + except IOError: + self._exclusion_rules = self.EXCLUSION_RULES def filter(self, record, handler): """ @@ -83,13 +101,25 @@ class SelectiveSilencerFilter(object): :returns: a bool indicating whether the record should be logged or not. :rtype: bool """ - if not self.rules: - return True + if not self._inclusion_rules and not self._exclusion_rules: + return True # do not filter if there are no rules + logger_path = record.module if logger_path is None: - return True + return True # we can't filter if there is no module info - for path in self.rules: + # exclude paths that ARE NOT listed in ANY of the inclusion rules + match = False + for path in self._inclusion_rules: + if logger_path.startswith(path): + match = True + + if not match: + return False + + # exclude paths that ARE listed in the exclusion rules + for path in self._exclusion_rules: if logger_path.startswith(path): return False + return True -- cgit v1.2.3