From 15e6127a58a7441d2170a4426da9b7a3e2e7b5d1 Mon Sep 17 00:00:00 2001
From: Roald de Vries <rdevries@thoughtworks.com>
Date: Wed, 28 Sep 2016 14:05:25 -0300
Subject: remove private key from [gnupg] logs the right way

---
 service/pixelated/application.py   |  2 +-
 service/pixelated/config/logger.py | 21 +++++++++++++--------
 2 files changed, 14 insertions(+), 9 deletions(-)

(limited to 'service')

diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index e5839803..15155386 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -115,7 +115,7 @@ def start_plugins():
         for p in getPlugins(ILogLineGenerator):
             logLine = p.getLogLine()
             if logLine is not None:
-                log.info(logLine)
+                log.debug(logLine)
 
     LoopingCall(logGeneratedLines).start(1)
 
diff --git a/service/pixelated/config/logger.py b/service/pixelated/config/logger.py
index a8000926..e28ceddd 100644
--- a/service/pixelated/config/logger.py
+++ b/service/pixelated/config/logger.py
@@ -19,19 +19,24 @@ import os
 from twisted.python import log
 
 
+class PrivateKeyFilter(logging.Filter):
+
+    def filter(self, record):
+        if '-----BEGIN PGP PRIVATE KEY BLOCK-----' in record.msg:
+            record.msg = '*** private key removed by %s.%s ***' % (type(self).__module__, type(self).__name__)
+        return True
+
+
 def init(debug=False):
     debug_enabled = debug or os.environ.get('DEBUG', False)
-    logging_level = logging.DEBUG if debug_enabled else logging.WARN
-    log_format = "%(asctime)s [%(name)s] %(levelname)s %(message)s"
-    date_format = '%Y-%m-%d %H:%M:%S'
+    logging_level = logging.DEBUG if debug_enabled else logging.INFO
 
     logging.basicConfig(level=logging_level,
-                        format=log_format,
-                        datefmt=date_format,
+                        format='%(asctime)s [%(name)s] %(levelname)s %(message)s',
+                        datefmt='%Y-%m-%d %H:%M:%S',
                         filemode='a')
 
+    logging.getLogger('gnupg').addFilter(PrivateKeyFilter())
+
     observer = log.PythonLoggingObserver()
-    # don't remove this line, it fix the PGP private key logged
-    logging.getLogger('gnupg').setLevel(logging.WARN)
-    logging.getLogger('pixelated').setLevel(logging.INFO)
     observer.start()
-- 
cgit v1.2.3