)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"9cceeb8e4d4a299527d26a421f04c4fadfbfdaef","unresolved":true,"context_lines":[{"line_number":15,"context_line":"something obscured, they can either use:"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"  obscure_map_append_param(env, param_key)"},{"line_number":18,"context_line":"  obscure_map_append_header(env, header_key)"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"To add it to the environments obscure map. The tempurl calls the former"},{"line_number":21,"context_line":"to add the signature param."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"c866aba0_022bb5cb","line":18,"updated":"2022-01-04 20:51:35.000000000","message":"I\u0027m digging the generalized API -- should be downright trivial to fix up s3api now.","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d8c1a53105b167edaf33afc4d262524cd8b06155","unresolved":false,"context_lines":[{"line_number":15,"context_line":"something obscured, they can either use:"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"  obscure_map_append_param(env, param_key)"},{"line_number":18,"context_line":"  obscure_map_append_header(env, header_key)"},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"To add it to the environments obscure map. The tempurl calls the former"},{"line_number":21,"context_line":"to add the signature param."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"9dd1b8bb_e5376887","line":18,"in_reply_to":"c866aba0_022bb5cb","updated":"2022-01-11 22:58:07.000000000","message":"Ack","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"9cceeb8e4d4a299527d26a421f04c4fadfbfdaef","unresolved":true,"context_lines":[{"line_number":31,"context_line":"the logs:"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- if eventlet_debug is enabled in the proxy"},{"line_number":34,"context_line":"- if a tempurl sig/expires combination is invalid"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Closes-Bug: #1685798"},{"line_number":37,"context_line":"Change-Id: I88b8cfd30292325e0870029058da6fb38026ae1a"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"b80f0fd6_0184ad05","line":34,"updated":"2022-01-04 20:51:35.000000000","message":"Is that still true? I thought we always update the obscure_map now...\n\nThough I\u0027m still a little nervous about the possibility that a request could get rejected somewhere between proxy-logging and tempurl. (ratelimit, maybe?)\n\nMaybe we want an API closer to register_swift_info (register_sensitive_header and register_sensitive_param?), where we just call it once during application start-up.","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d8c1a53105b167edaf33afc4d262524cd8b06155","unresolved":false,"context_lines":[{"line_number":31,"context_line":"the logs:"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"- if eventlet_debug is enabled in the proxy"},{"line_number":34,"context_line":"- if a tempurl sig/expires combination is invalid"},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Closes-Bug: #1685798"},{"line_number":37,"context_line":"Change-Id: I88b8cfd30292325e0870029058da6fb38026ae1a"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"d463dea8_2da9695f","line":34,"in_reply_to":"b80f0fd6_0184ad05","updated":"2022-01-11 22:58:07.000000000","message":"Done","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"708b11a1d0cb007ef83f59d700427c0a174398bb","unresolved":true,"context_lines":[{"line_number":20,"context_line":"instantiating the middleware, authors can call either:"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"   register_sensitive_header(\u0027case-insensitive-header-name\u0027)"},{"line_number":23,"context_line":"   register_sensitive_param(\u0027case-sensitive-query-param-name\u0027)"},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"to add items that should be redacted. The redaction uses proxy-logging\u0027s"},{"line_number":26,"context_line":"existing reveal_sensitive_prefix config option to determine how much to"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"4ebcab84_f811a49e","line":23,"updated":"2022-01-10 19:56:15.000000000","message":"This difference in case-sensitivity is a little odd... but I\u0027m not sure it\u0027s readily avoidable.","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"708b11a1d0cb007ef83f59d700427c0a174398bb","unresolved":true,"context_lines":[{"line_number":35,"context_line":"operators should review their currently-configured value to ensure it"},{"line_number":36,"context_line":"is appropriate for these new contexts. In particular, operators should"},{"line_number":37,"context_line":"consider reducing the value if it is more than 20 or so, even if that"},{"line_number":38,"context_line":"previously offered sufficient protection for auth tokens."},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"Closes-Bug: #1685798"},{"line_number":41,"context_line":"Change-Id: I88b8cfd30292325e0870029058da6fb38026ae1a"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"d45777d1_fcc2b37d","line":38,"updated":"2022-01-10 19:56:15.000000000","message":"I *think* this is reasonable advice to offer with the change.","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"874cac0328e0b2b99538cedb6d474e9696f8df92","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"763a2c79_c170df70","updated":"2022-01-04 21:35:46.000000000","message":"Tried out my idea to have an API closer to register_swift_info in https://review.opendev.org/c/openstack/swift/+/823432 -- I think I like it!\n\nThe single reveal_sensitive_prefix value is a little annoying, though -- with the s3api change, you start seeing things like\n\n Authorization:%20AWS%20test:tester:...\n Authorization:%20AWS4-HMAC-SHA256...\n X-Amz-Signature%3De24c3de4b9298b6e...\n\nonly one of which actually reveals any sensitive info.","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"5b8a251c900118fa1be1c43fced89802a55dbdf0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0a094577_95930fa5","updated":"2022-01-04 19:46:22.000000000","message":"recheck\n\nLooks like those timeouts must\u0027ve been subtly different from the ones fixed by https://review.opendev.org/c/openstack/swift/+/822304","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"69ccbbbf4429ca689d6d43f0f1fd2c1bc52e204d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"bf11ccb1_39bfc2f5","updated":"2021-12-22 05:30:01.000000000","message":"this is a rework of https://review.opendev.org/c/openstack/swift/+/817476 but moves obscuring to the proxy_logging middleware.","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"edc7154ef2f21ea3b55f46445a87df0b5c0d8612","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"9e425691_54cf2bb3","updated":"2022-01-21 00:22:10.000000000","message":"Created a follow up to take a look at what moving it to a new module would look like. There is a bit of churn, but does look cleaner. But much more to review. Should I sqaush in down?\n\nhttps://review.opendev.org/c/openstack/swift/+/825694","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"908976d5d9cb5c1afa649885577d2812d1f793a1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"81384f54_055db8e5","updated":"2022-01-12 05:22:37.000000000","message":"Nice thanks for pushing squashing that in and cleaning it up tim!","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"ca8fd9042e2b04c6413dad2d6f30b8337d59514a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"3cc43272_a57ef7c4","updated":"2022-01-20 17:41:04.000000000","message":"just a partial review for now\n\nas a follow on, adding something about this pattern to the middleware docs would be good","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"f0e36d1f725daf83ffde6f6f1bb2b4c7a7d1fc0f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"63c7a835_d16e3212","updated":"2022-02-02 21:49:32.000000000","message":"In IRC meeting we agreed to make the code location change (Matt\u0027s follow up) a parent of this so all the register functions go into a new module","commit_id":"e7206a6871cbb1b6b4b1ccdf7046155ae242ca24"},{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"e601dc0a101939455deb5c74c35e4d0de91e81ce","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"930a7a87_9c046727","updated":"2022-02-03 06:06:13.000000000","message":"Swapped the order, as talked about at the meeting (and as mentioned by Al).","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"954329ef2d1b57ac68fe1d7198205d53460bc0c3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"f903f870_d87002bc","updated":"2022-02-03 15:20:33.000000000","message":"the new unit test in test_tempurl went missing in the last rebase, will fix.","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"5251ea6b70e024a49529d576d1c8890882b328f6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"46fc578c_6e1d9ad4","updated":"2022-02-03 15:30:51.000000000","message":"pushed some test fixes","commit_id":"77ea2ff089a4d6c38d5b7a0c43ac4794f8bb4e5b"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"2d651725f17a7742347d3f65ed14d3439e9f4b56","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"f11055d7_542386d3","updated":"2022-02-03 21:33:27.000000000","message":"recheck","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"0c0562b92ff0bc58c0eaf27854483a654aac83af","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"a760141f_f5bfc1f8","updated":"2022-02-07 17:52:35.000000000","message":"recheck","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"99e1139531782fc2353c08351c620e8d4c179f5c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"add8ffa1_1b3e56de","updated":"2022-02-07 23:45:23.000000000","message":"recheck","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"951b4d0edf7a0186d8d11e9afc81e2af65ff0454","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"59489083_0254b1de","updated":"2022-02-09 21:38:05.000000000","message":"Now to get the lower-constraints job fixed ;-)","commit_id":"f2c279bae94689e2062beb6d0030d168a0b4cbdf"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"8b46d009c01d894f6f2b1f3f253922520ba0a671","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"559069c6_1768b66a","updated":"2022-02-09 10:56:54.000000000","message":"oops, -1 vote landed on wrong patchset","commit_id":"f2c279bae94689e2062beb6d0030d168a0b4cbdf"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"4f0983896cdcced558d20cd98eb79532929e5d7a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"167920c4_09c9387f","updated":"2022-02-10 09:26:46.000000000","message":"recheck","commit_id":"f2c279bae94689e2062beb6d0030d168a0b4cbdf"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"7b2bd8f6d1b33458c8b6acf036d99e68ec0983b1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"23d785bb_0949eae8","updated":"2022-02-10 05:01:13.000000000","message":"recheck","commit_id":"f2c279bae94689e2062beb6d0030d168a0b4cbdf"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"2420bbe188f260d5d28fc741577555d291d9c82f","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"820a5132_79f555d0","updated":"2022-02-10 00:47:14.000000000","message":"recheck","commit_id":"f2c279bae94689e2062beb6d0030d168a0b4cbdf"}],"etc/proxy-server.conf-sample":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"9cceeb8e4d4a299527d26a421f04c4fadfbfdaef","unresolved":true,"context_lines":[{"line_number":942,"context_line":"# logfiles, but should be sufficient for debugging purposes. If you want to"},{"line_number":943,"context_line":"# keep more chars or even the full 40 chars long signature, you can set this"},{"line_number":944,"context_line":"# using reveal_sensitive_prefix."},{"line_number":945,"context_line":"# reveal_sensitive_prefix \u003d 8"},{"line_number":946,"context_line":""},{"line_number":947,"context_line":"# Note: Put formpost just before your auth filter(s) in the pipeline"},{"line_number":948,"context_line":"[filter:formpost]"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"3f450ed4_dcbe4488","line":945,"updated":"2022-01-04 20:51:35.000000000","message":"This option is no longer added, yeah? We\u0027re piggy-backing off reveal_sensitive_prefix in proxy-logging now.","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d8c1a53105b167edaf33afc4d262524cd8b06155","unresolved":false,"context_lines":[{"line_number":942,"context_line":"# logfiles, but should be sufficient for debugging purposes. If you want to"},{"line_number":943,"context_line":"# keep more chars or even the full 40 chars long signature, you can set this"},{"line_number":944,"context_line":"# using reveal_sensitive_prefix."},{"line_number":945,"context_line":"# reveal_sensitive_prefix \u003d 8"},{"line_number":946,"context_line":""},{"line_number":947,"context_line":"# Note: Put formpost just before your auth filter(s) in the pipeline"},{"line_number":948,"context_line":"[filter:formpost]"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"fe14c848_accbe21e","line":945,"in_reply_to":"3f450ed4_dcbe4488","updated":"2022-01-11 22:58:07.000000000","message":"Done","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"9cceeb8e4d4a299527d26a421f04c4fadfbfdaef","unresolved":true,"context_lines":[{"line_number":1009,"context_line":"# by \u0027...\u0027 in the log)."},{"line_number":1010,"context_line":"# Note: reveal_sensitive_prefix will not affect the value"},{"line_number":1011,"context_line":"# logged with access_log_headers\u003dTrue."},{"line_number":1012,"context_line":"# reveal_sensitive_prefix \u003d 16"},{"line_number":1013,"context_line":"#"},{"line_number":1014,"context_line":"# What HTTP methods are allowed for StatsD logging (comma-sep); request methods"},{"line_number":1015,"context_line":"# not in this list will have \"BAD_METHOD\" for the \u003cverb\u003e portion of the metric."}],"source_content_type":"application/octet-stream","patch_set":1,"id":"31c0b67a_8d5055ba","line":1012,"updated":"2022-01-04 20:51:35.000000000","message":"I wonder if 16 may be too long a default now...\n\nOur SHA1 signatures are the biggest problem, as they\u0027re only 160 bits. With the hex encoding, we\u0027re exposing 48 bits; with the \"sha1:\u003cbase64 digest\u003e\" encoding it goes up to 66 bits.\n\nMaybe I ought to push on https://review.opendev.org/c/openstack/swift/+/525771 again to deprecate SHA1 support...","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"708b11a1d0cb007ef83f59d700427c0a174398bb","unresolved":true,"context_lines":[{"line_number":1002,"context_line":"# remainder replaced by \u0027...\u0027 in the log. Set reveal_sensitive_prefix to the"},{"line_number":1003,"context_line":"# number of characters to log.  Set to 0 to suppress the values entirely; set"},{"line_number":1004,"context_line":"# to something large (1000, say) to write full values. Note that some values"},{"line_number":1005,"context_line":"# may start appearing in full at 32."},{"line_number":1006,"context_line":"# reveal_sensitive_prefix \u003d 16"},{"line_number":1007,"context_line":"#"},{"line_number":1008,"context_line":"# What HTTP methods are allowed for StatsD logging (comma-sep); request methods"}],"source_content_type":"application/octet-stream","patch_set":2,"id":"5479613f_a4261616","line":1005,"updated":"2022-01-10 19:56:15.000000000","message":"Hopefully this extra context is useful rather than confusing?","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":1005,"context_line":"#   * X-Auth-Token header"},{"line_number":1006,"context_line":"#   * temp_url_sig query parameter"},{"line_number":1007,"context_line":"#   * Authorization header"},{"line_number":1008,"context_line":"#   * X-Amz-Siignature query parameter"},{"line_number":1009,"context_line":"# To prevent an unauthorize access of the log file leading to an unauthorized"},{"line_number":1010,"context_line":"# access of cluster data, only a portion of these values are written, with the"},{"line_number":1011,"context_line":"# remainder replaced by \u0027...\u0027 in the log. Set reveal_sensitive_prefix to the"}],"source_content_type":"application/octet-stream","patch_set":9,"id":"3464bc60_a36ab174","line":1008,"range":{"start_line":1008,"start_character":12,"end_line":1008,"end_character":22},"updated":"2022-02-04 06:17:12.000000000","message":"Signature","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":1005,"context_line":"#   * X-Auth-Token header"},{"line_number":1006,"context_line":"#   * temp_url_sig query parameter"},{"line_number":1007,"context_line":"#   * Authorization header"},{"line_number":1008,"context_line":"#   * X-Amz-Siignature query parameter"},{"line_number":1009,"context_line":"# To prevent an unauthorize access of the log file leading to an unauthorized"},{"line_number":1010,"context_line":"# access of cluster data, only a portion of these values are written, with the"},{"line_number":1011,"context_line":"# remainder replaced by \u0027...\u0027 in the log. Set reveal_sensitive_prefix to the"}],"source_content_type":"application/octet-stream","patch_set":9,"id":"030035c9_8432da49","line":1008,"range":{"start_line":1008,"start_character":12,"end_line":1008,"end_character":22},"in_reply_to":"3464bc60_a36ab174","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":1006,"context_line":"#   * temp_url_sig query parameter"},{"line_number":1007,"context_line":"#   * Authorization header"},{"line_number":1008,"context_line":"#   * X-Amz-Siignature query parameter"},{"line_number":1009,"context_line":"# To prevent an unauthorize access of the log file leading to an unauthorized"},{"line_number":1010,"context_line":"# access of cluster data, only a portion of these values are written, with the"},{"line_number":1011,"context_line":"# remainder replaced by \u0027...\u0027 in the log. Set reveal_sensitive_prefix to the"},{"line_number":1012,"context_line":"# number of characters to log.  Set to 0 to suppress the values entirely; set"}],"source_content_type":"application/octet-stream","patch_set":9,"id":"e8d79afe_906e64bb","line":1009,"range":{"start_line":1009,"start_character":16,"end_line":1009,"end_character":27},"updated":"2022-02-04 06:17:12.000000000","message":"unauthorized","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":1006,"context_line":"#   * temp_url_sig query parameter"},{"line_number":1007,"context_line":"#   * Authorization header"},{"line_number":1008,"context_line":"#   * X-Amz-Siignature query parameter"},{"line_number":1009,"context_line":"# To prevent an unauthorize access of the log file leading to an unauthorized"},{"line_number":1010,"context_line":"# access of cluster data, only a portion of these values are written, with the"},{"line_number":1011,"context_line":"# remainder replaced by \u0027...\u0027 in the log. Set reveal_sensitive_prefix to the"},{"line_number":1012,"context_line":"# number of characters to log.  Set to 0 to suppress the values entirely; set"}],"source_content_type":"application/octet-stream","patch_set":9,"id":"f564cc5d_b58ef25e","line":1009,"range":{"start_line":1009,"start_character":16,"end_line":1009,"end_character":27},"in_reply_to":"e8d79afe_906e64bb","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"}],"swift/common/middleware/proxy_logging.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"9cceeb8e4d4a299527d26a421f04c4fadfbfdaef","unresolved":true,"context_lines":[{"line_number":220,"context_line":"            new_params \u003d ["},{"line_number":221,"context_line":"                (k, self.obscure_sensitive(v) if k in obscure_params else v)"},{"line_number":222,"context_line":"                for k, v in req.params.items()]"},{"line_number":223,"context_line":"            req.params \u003d new_params"},{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    def log_request(self, req, status_int, bytes_received, bytes_sent,"},{"line_number":226,"context_line":"                    start_time, end_time, resp_headers\u003dNone, ttfb\u003d0,"}],"source_content_type":"text/x-python","patch_set":1,"id":"fbe17282_b9092851","line":223,"updated":"2022-01-04 20:51:35.000000000","message":"Seems like it\u0027d be roughly the same level of effort to just always do this...\n\nIf we *really* want to avoid the re-serialization overhead when possible, something like\n\n obscure_params \u003d obscure_map.get(\u0027params\u0027, [])\n new_params \u003d []\n any_obscured \u003d False\n for k, v in req.params.items():\n     if k in obscure_params:\n         new_params.append((k, self.obscure_sensitive(v)))\n         any_obscured \u003d True\n     else:\n         new_params.append((k, v))\n if any_obscured:\n     req.params \u003d new_params\n\nwould avoid the current double-deserialization. (I\u0027m still torn about req.param ... it\u0027s heavier weight than I typically like for a property...)","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d8c1a53105b167edaf33afc4d262524cd8b06155","unresolved":false,"context_lines":[{"line_number":220,"context_line":"            new_params \u003d ["},{"line_number":221,"context_line":"                (k, self.obscure_sensitive(v) if k in obscure_params else v)"},{"line_number":222,"context_line":"                for k, v in req.params.items()]"},{"line_number":223,"context_line":"            req.params \u003d new_params"},{"line_number":224,"context_line":""},{"line_number":225,"context_line":"    def log_request(self, req, status_int, bytes_received, bytes_sent,"},{"line_number":226,"context_line":"                    start_time, end_time, resp_headers\u003dNone, ttfb\u003d0,"}],"source_content_type":"text/x-python","patch_set":1,"id":"52865536_8c01b4a9","line":223,"in_reply_to":"fbe17282_b9092851","updated":"2022-01-11 22:58:07.000000000","message":"Done","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"ca8fd9042e2b04c6413dad2d6f30b8337d59514a","unresolved":true,"context_lines":[{"line_number":198,"context_line":"        env[\u0027swift.proxy_access_log_made\u0027] \u003d True"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"    def obscure_sensitive(self, value):"},{"line_number":201,"context_line":"        if value and len(value) \u003e self.reveal_sensitive_prefix:"},{"line_number":202,"context_line":"            return value[:self.reveal_sensitive_prefix] + \u0027...\u0027"},{"line_number":203,"context_line":"        return value"},{"line_number":204,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"8fd955ee_225a91d1","line":201,"range":{"start_line":201,"start_character":34,"end_line":201,"end_character":62},"updated":"2022-01-20 17:41:04.000000000","message":"should we have some backstop such that sensitive items always have some characters redacted even when shorter than the configured value?\n\ne.g. truncate to min(self.reveal_sensitive_prefix, len(value)/2)\n\nwe could allow a reveal_sensitive_prefix value of -1 to override and effectively disable obscuring for debug","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"951b4d0edf7a0186d8d11e9afc81e2af65ff0454","unresolved":false,"context_lines":[{"line_number":198,"context_line":"        env[\u0027swift.proxy_access_log_made\u0027] \u003d True"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"    def obscure_sensitive(self, value):"},{"line_number":201,"context_line":"        if value and len(value) \u003e self.reveal_sensitive_prefix:"},{"line_number":202,"context_line":"            return value[:self.reveal_sensitive_prefix] + \u0027...\u0027"},{"line_number":203,"context_line":"        return value"},{"line_number":204,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"e6e6730f_2dc8d39c","line":201,"range":{"start_line":201,"start_character":34,"end_line":201,"end_character":62},"in_reply_to":"8fd955ee_225a91d1","updated":"2022-02-09 21:38:05.000000000","message":"Potential future enhancement; out of scope for now.","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"ca8fd9042e2b04c6413dad2d6f30b8337d59514a","unresolved":true,"context_lines":[{"line_number":465,"context_line":"    conf \u003d global_conf.copy()"},{"line_number":466,"context_line":"    conf.update(local_conf)"},{"line_number":467,"context_line":""},{"line_number":468,"context_line":"    register_sensitive_header(\u0027x-auth-token\u0027)"},{"line_number":469,"context_line":""},{"line_number":470,"context_line":"    def proxy_logger(app):"},{"line_number":471,"context_line":"        return ProxyLoggingMiddleware(app, conf)"}],"source_content_type":"text/x-python","patch_set":3,"id":"6df76a69_50cef8f5","line":468,"updated":"2022-01-20 17:41:04.000000000","message":"given the new pattern, this would logically be called from the auth middlewares...but to be safe (for any 3rd party auth that currently benefits from x-auth-token being obscured) we should probably special case this and leave it here, or somewhere in tree, but comment that it is a special case","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"fdc0cb1f5ac50c37e99736eb9bbad4a3ce1aec5f","unresolved":false,"context_lines":[{"line_number":465,"context_line":"    conf \u003d global_conf.copy()"},{"line_number":466,"context_line":"    conf.update(local_conf)"},{"line_number":467,"context_line":""},{"line_number":468,"context_line":"    register_sensitive_header(\u0027x-auth-token\u0027)"},{"line_number":469,"context_line":""},{"line_number":470,"context_line":"    def proxy_logger(app):"},{"line_number":471,"context_line":"        return ProxyLoggingMiddleware(app, conf)"}],"source_content_type":"text/x-python","patch_set":3,"id":"6cbd767b_5e5874c1","line":468,"in_reply_to":"6df76a69_50cef8f5","updated":"2022-02-07 14:38:16.000000000","message":"Done","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"954329ef2d1b57ac68fe1d7198205d53460bc0c3","unresolved":true,"context_lines":[{"line_number":469,"context_line":"    # would register it. But because there could be 3rd party auth middlewares"},{"line_number":470,"context_line":"    # that use \u0027x-auth-token\u0027 will special case it here."},{"line_number":471,"context_line":"    register_sensitive_header(\u0027x-auth-token\u0027)"},{"line_number":472,"context_line":"    register_sensitive_header(\u0027x-storage-token\u0027)"},{"line_number":473,"context_line":""},{"line_number":474,"context_line":"    def proxy_logger(app):"},{"line_number":475,"context_line":"        return ProxyLoggingMiddleware(app, conf)"}],"source_content_type":"text/x-python","patch_set":5,"id":"d20c45ea_8c13ce72","line":472,"updated":"2022-02-03 15:20:33.000000000","message":"not covered by tests","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"5251ea6b70e024a49529d576d1c8890882b328f6","unresolved":false,"context_lines":[{"line_number":469,"context_line":"    # would register it. But because there could be 3rd party auth middlewares"},{"line_number":470,"context_line":"    # that use \u0027x-auth-token\u0027 will special case it here."},{"line_number":471,"context_line":"    register_sensitive_header(\u0027x-auth-token\u0027)"},{"line_number":472,"context_line":"    register_sensitive_header(\u0027x-storage-token\u0027)"},{"line_number":473,"context_line":""},{"line_number":474,"context_line":"    def proxy_logger(app):"},{"line_number":475,"context_line":"        return ProxyLoggingMiddleware(app, conf)"}],"source_content_type":"text/x-python","patch_set":5,"id":"cd3cb95d_2096ab8b","line":472,"in_reply_to":"d20c45ea_8c13ce72","updated":"2022-02-03 15:30:51.000000000","message":"Done","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"2d651725f17a7742347d3f65ed14d3439e9f4b56","unresolved":true,"context_lines":[{"line_number":469,"context_line":"    # would register it, but because there could be 3rd party auth middlewares"},{"line_number":470,"context_line":"    # that use \u0027x-auth-token\u0027 or \u0027x-storage-token\u0027 we special case it here."},{"line_number":471,"context_line":"    register_sensitive_header(\u0027x-auth-token\u0027)"},{"line_number":472,"context_line":"    register_sensitive_header(\u0027x-storage-token\u0027)"},{"line_number":473,"context_line":""},{"line_number":474,"context_line":"    def proxy_logger(app):"},{"line_number":475,"context_line":"        return ProxyLoggingMiddleware(app, conf)"}],"source_content_type":"text/x-python","patch_set":9,"id":"c5a28018_f5ef775e","line":472,"updated":"2022-02-03 21:33:27.000000000","message":"We\u0027ve debated about just baking these into the initial value of the global...\n\nIf we do, we should include a comment saying that they\u0027re included for the sake of legacy auth middlewares.","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"1884d3fd24671e5d3aad5d629a705fadf1f0a539","unresolved":true,"context_lines":[{"line_number":218,"context_line":"            else:"},{"line_number":219,"context_line":"                new_params.append((k, v))"},{"line_number":220,"context_line":"        if any_obscured:"},{"line_number":221,"context_line":"            req.params \u003d new_params"},{"line_number":222,"context_line":""},{"line_number":223,"context_line":"    def log_request(self, req, status_int, bytes_received, bytes_sent,"},{"line_number":224,"context_line":"                    start_time, end_time, resp_headers\u003dNone, ttfb\u003d0,"}],"source_content_type":"text/x-python","patch_set":11,"id":"d1c7fbf8_9b817420","line":221,"updated":"2022-02-09 10:54:09.000000000","message":"note to self: it is not sufficient to modify the req.params dict; req.params must be set in order to update the query string property","commit_id":"f2cec1caab222237ad02f0c7df675664a704648a"}],"swift/common/middleware/s3api/s3api.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"708b11a1d0cb007ef83f59d700427c0a174398bb","unresolved":true,"context_lines":[{"line_number":465,"context_line":""},{"line_number":466,"context_line":"    register_sensitive_header(\u0027authorization\u0027)"},{"line_number":467,"context_line":"    register_sensitive_param(\u0027Signature\u0027)"},{"line_number":468,"context_line":"    register_sensitive_param(\u0027X-Amz-Signature\u0027)"},{"line_number":469,"context_line":""},{"line_number":470,"context_line":"    def s3api_filter(app):"},{"line_number":471,"context_line":"        return S3ApiMiddleware(ListingEtagMiddleware(app), conf)"}],"source_content_type":"text/x-python","patch_set":2,"id":"4c4eafcc_d59e1104","line":468,"updated":"2022-01-10 19:56:15.000000000","message":"I should\u0027ve included some tests for these.","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d8c1a53105b167edaf33afc4d262524cd8b06155","unresolved":false,"context_lines":[{"line_number":465,"context_line":""},{"line_number":466,"context_line":"    register_sensitive_header(\u0027authorization\u0027)"},{"line_number":467,"context_line":"    register_sensitive_param(\u0027Signature\u0027)"},{"line_number":468,"context_line":"    register_sensitive_param(\u0027X-Amz-Signature\u0027)"},{"line_number":469,"context_line":""},{"line_number":470,"context_line":"    def s3api_filter(app):"},{"line_number":471,"context_line":"        return S3ApiMiddleware(ListingEtagMiddleware(app), conf)"}],"source_content_type":"text/x-python","patch_set":2,"id":"2125b037_a6a4108f","line":468,"in_reply_to":"4c4eafcc_d59e1104","updated":"2022-01-11 22:58:07.000000000","message":"Done","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"}],"swift/common/middleware/tempurl.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":true,"context_lines":[{"line_number":316,"context_line":"from swift.common.utils import split_path, get_valid_utf8_str, \\"},{"line_number":317,"context_line":"    get_hmac, streq_const_time, quote, get_logger, strict_b64decode"},{"line_number":318,"context_line":"from swift.common.registry import register_swift_info"},{"line_number":319,"context_line":"from swift.common.registry import register_sensitive_param"},{"line_number":320,"context_line":""},{"line_number":321,"context_line":""},{"line_number":322,"context_line":"DISALLOWED_INCOMING_HEADERS \u003d \u0027x-object-manifest x-symlink-target\u0027"}],"source_content_type":"text/x-python","patch_set":10,"id":"3de1d860_19ada2aa","line":319,"updated":"2022-02-04 20:39:06.000000000","message":"nit: Could roll these two together. w/e","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"}],"swift/common/registry.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":91,"context_line":""},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"def get_sensitive_headers():"},{"line_number":94,"context_line":"    return set(_sensitive_headers)"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"def register_sensitive_header(header):"}],"source_content_type":"text/x-python","patch_set":9,"id":"5ac28d77_ee9e9de0","line":94,"range":{"start_line":94,"start_character":11,"end_line":94,"end_character":14},"updated":"2022-02-04 06:17:12.000000000","message":"nit: Might want to use frozenset for these.","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":91,"context_line":""},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"def get_sensitive_headers():"},{"line_number":94,"context_line":"    return set(_sensitive_headers)"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"def register_sensitive_header(header):"}],"source_content_type":"text/x-python","patch_set":9,"id":"36864cb5_8e4d6d0c","line":94,"range":{"start_line":94,"start_character":11,"end_line":94,"end_character":14},"in_reply_to":"5ac28d77_ee9e9de0","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":95,"context_line":""},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"def register_sensitive_header(header):"},{"line_number":98,"context_line":"    if not isinstance(header, str):"},{"line_number":99,"context_line":"        raise TypeError"},{"line_number":100,"context_line":"    _sensitive_headers.add(header)"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"0b4ee6db_39dba64a","line":98,"updated":"2022-02-04 06:17:12.000000000","message":"We should probably clarify, if only in docstrings, whether we expect these to be proper strings or WSGI strings. Or raise an error if there\u0027s non-ASCII characters.","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":95,"context_line":""},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"def register_sensitive_header(header):"},{"line_number":98,"context_line":"    if not isinstance(header, str):"},{"line_number":99,"context_line":"        raise TypeError"},{"line_number":100,"context_line":"    _sensitive_headers.add(header)"},{"line_number":101,"context_line":""}],"source_content_type":"text/x-python","patch_set":9,"id":"d50c416b_de4ac844","line":98,"in_reply_to":"0b4ee6db_39dba64a","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"}],"swift/common/request_helpers.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"9cceeb8e4d4a299527d26a421f04c4fadfbfdaef","unresolved":true,"context_lines":[{"line_number":917,"context_line":"    obscure_map \u003d env.setdefault(\"obscure_map\", {})"},{"line_number":918,"context_line":"    if not obscure_map:"},{"line_number":919,"context_line":"        obscure_map.update({\u0027params\u0027: [], \u0027headers\u0027: []})"},{"line_number":920,"context_line":"    return obscure_map"},{"line_number":921,"context_line":""},{"line_number":922,"context_line":""},{"line_number":923,"context_line":"def obscure_map_append(env, param_or_header, key):"}],"source_content_type":"text/x-python","patch_set":1,"id":"6f19de30_56d752de","line":920,"updated":"2022-01-04 20:51:35.000000000","message":"I wonder if it\u0027d be better as something like\n\n if \"obscure_map\" not in env:\n     env[\"obscure_map\"] \u003d {\u0027params\u0027: [], \u0027headers\u0027: []}\n return env[\"obscure_map\"]\n\nThough I think our convention is to use a key more like \"swift.obscure_map\"","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d8c1a53105b167edaf33afc4d262524cd8b06155","unresolved":false,"context_lines":[{"line_number":917,"context_line":"    obscure_map \u003d env.setdefault(\"obscure_map\", {})"},{"line_number":918,"context_line":"    if not obscure_map:"},{"line_number":919,"context_line":"        obscure_map.update({\u0027params\u0027: [], \u0027headers\u0027: []})"},{"line_number":920,"context_line":"    return obscure_map"},{"line_number":921,"context_line":""},{"line_number":922,"context_line":""},{"line_number":923,"context_line":"def obscure_map_append(env, param_or_header, key):"}],"source_content_type":"text/x-python","patch_set":1,"id":"b123f7c7_cac9ea54","line":920,"in_reply_to":"6f19de30_56d752de","updated":"2022-01-11 22:58:07.000000000","message":"Ack","commit_id":"51ce5063ce8a5cd1be12688476e0404de8def9a4"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"708b11a1d0cb007ef83f59d700427c0a174398bb","unresolved":true,"context_lines":[{"line_number":934,"context_line":"def register_sensitive_param(query_param):"},{"line_number":935,"context_line":"    if not isinstance(query_param, str):"},{"line_number":936,"context_line":"        raise TypeError"},{"line_number":937,"context_line":"    _sensitive_params.add(query_param)"}],"source_content_type":"text/x-python","patch_set":2,"id":"ce1507ec_b85b602b","line":937,"updated":"2022-01-10 19:56:15.000000000","message":"I\u0027m not sure these ought to be in request_helpers -- maybe utils would be better? OTOH, that\u0027s already at like 6.5kloc...","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":934,"context_line":"def register_sensitive_param(query_param):"},{"line_number":935,"context_line":"    if not isinstance(query_param, str):"},{"line_number":936,"context_line":"        raise TypeError"},{"line_number":937,"context_line":"    _sensitive_params.add(query_param)"}],"source_content_type":"text/x-python","patch_set":2,"id":"7f9f39c3_9f8d034d","line":937,"in_reply_to":"ce1507ec_b85b602b","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"ca8fd9042e2b04c6413dad2d6f30b8337d59514a","unresolved":true,"context_lines":[{"line_number":914,"context_line":""},{"line_number":915,"context_line":""},{"line_number":916,"context_line":"_sensitive_headers \u003d set()"},{"line_number":917,"context_line":"_sensitive_params \u003d set()"},{"line_number":918,"context_line":""},{"line_number":919,"context_line":""},{"line_number":920,"context_line":"def get_sensitive_headers():"}],"source_content_type":"text/x-python","patch_set":3,"id":"6d343247_1cf630c0","line":917,"updated":"2022-01-20 17:41:04.000000000","message":"we have the *_info globals in utils.py, which middlewares also register with - it would be nice to gather all these \u0027registry\u0027 globals into the same place (maybe even a new module?). I don\u0027t feel these *need* to be request_helpers.py, although it\u0027s also not wrong that they are here...I just like the idea of similar things being in the same place.","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":914,"context_line":""},{"line_number":915,"context_line":""},{"line_number":916,"context_line":"_sensitive_headers \u003d set()"},{"line_number":917,"context_line":"_sensitive_params \u003d set()"},{"line_number":918,"context_line":""},{"line_number":919,"context_line":""},{"line_number":920,"context_line":"def get_sensitive_headers():"}],"source_content_type":"text/x-python","patch_set":3,"id":"f6f052d0_18564afa","line":917,"in_reply_to":"6d343247_1cf630c0","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"b5fc3db3b947b34700dd9aaabb29c5a4a34b76af"}],"test/unit/common/middleware/s3api/test_s3api.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":true,"context_lines":[{"line_number":875,"context_line":"        self.assertIn(\u0027authorization\u0027, sensitive)"},{"line_number":876,"context_line":"        sensitive \u003d registry.get_sensitive_params()"},{"line_number":877,"context_line":"        self.assertIn(\u0027X-Amz-Signature\u0027, sensitive)"},{"line_number":878,"context_line":"        self.assertIn(\u0027Signature\u0027, sensitive)"},{"line_number":879,"context_line":""},{"line_number":880,"context_line":"    def test_registered_defaults(self):"},{"line_number":881,"context_line":"        conf_from_file \u003d {k: str(v) for k, v in self.conf.items()}"}],"source_content_type":"text/x-python","patch_set":10,"id":"97a9d48c_09730a43","line":878,"updated":"2022-02-04 20:39:06.000000000","message":":-/ Seems like there\u0027s some test bleed-over...","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"0c0562b92ff0bc58c0eaf27854483a654aac83af","unresolved":true,"context_lines":[{"line_number":875,"context_line":"        self.assertIn(\u0027authorization\u0027, sensitive)"},{"line_number":876,"context_line":"        sensitive \u003d registry.get_sensitive_params()"},{"line_number":877,"context_line":"        self.assertIn(\u0027X-Amz-Signature\u0027, sensitive)"},{"line_number":878,"context_line":"        self.assertIn(\u0027Signature\u0027, sensitive)"},{"line_number":879,"context_line":""},{"line_number":880,"context_line":"    def test_registered_defaults(self):"},{"line_number":881,"context_line":"        conf_from_file \u003d {k: str(v) for k, v in self.conf.items()}"}],"source_content_type":"text/x-python","patch_set":10,"id":"bce7fd75_a2619003","line":878,"in_reply_to":"266ec4d8_3b7bdcc9","updated":"2022-02-07 17:52:35.000000000","message":"We clear registry._sensitive_* at the top, push some stuff in, then leave it there. It\u0027s not the end of the world, but it might be better to mock out the dicts.","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"fdc0cb1f5ac50c37e99736eb9bbad4a3ce1aec5f","unresolved":true,"context_lines":[{"line_number":875,"context_line":"        self.assertIn(\u0027authorization\u0027, sensitive)"},{"line_number":876,"context_line":"        sensitive \u003d registry.get_sensitive_params()"},{"line_number":877,"context_line":"        self.assertIn(\u0027X-Amz-Signature\u0027, sensitive)"},{"line_number":878,"context_line":"        self.assertIn(\u0027Signature\u0027, sensitive)"},{"line_number":879,"context_line":""},{"line_number":880,"context_line":"    def test_registered_defaults(self):"},{"line_number":881,"context_line":"        conf_from_file \u003d {k: str(v) for k, v in self.conf.items()}"}],"source_content_type":"text/x-python","patch_set":10,"id":"266ec4d8_3b7bdcc9","line":878,"in_reply_to":"97a9d48c_09730a43","updated":"2022-02-07 14:38:16.000000000","message":"I\u0027m not seeing the problem?","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"951b4d0edf7a0186d8d11e9afc81e2af65ff0454","unresolved":false,"context_lines":[{"line_number":875,"context_line":"        self.assertIn(\u0027authorization\u0027, sensitive)"},{"line_number":876,"context_line":"        sensitive \u003d registry.get_sensitive_params()"},{"line_number":877,"context_line":"        self.assertIn(\u0027X-Amz-Signature\u0027, sensitive)"},{"line_number":878,"context_line":"        self.assertIn(\u0027Signature\u0027, sensitive)"},{"line_number":879,"context_line":""},{"line_number":880,"context_line":"    def test_registered_defaults(self):"},{"line_number":881,"context_line":"        conf_from_file \u003d {k: str(v) for k, v in self.conf.items()}"}],"source_content_type":"text/x-python","patch_set":10,"id":"9548c7f5_4a3df26d","line":878,"in_reply_to":"bce7fd75_a2619003","updated":"2022-02-09 21:38:05.000000000","message":"Done","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"eb50e5148fc08ff46ae2b1ef9ffc65d979064085","unresolved":true,"context_lines":[{"line_number":875,"context_line":"        self.assertIn(\u0027authorization\u0027, sensitive)"},{"line_number":876,"context_line":"        sensitive \u003d registry.get_sensitive_params()"},{"line_number":877,"context_line":"        self.assertIn(\u0027X-Amz-Signature\u0027, sensitive)"},{"line_number":878,"context_line":"        self.assertIn(\u0027Signature\u0027, sensitive)"},{"line_number":879,"context_line":""},{"line_number":880,"context_line":"    def test_registered_defaults(self):"},{"line_number":881,"context_line":"        conf_from_file \u003d {k: str(v) for k, v in self.conf.items()}"}],"source_content_type":"text/x-python","patch_set":10,"id":"3c8eab91_1e731e16","line":878,"in_reply_to":"bce7fd75_a2619003","updated":"2022-02-09 09:59:57.000000000","message":"OIC, I was focussed on there being some problem with the assertions :D Yeah, agree totally.","commit_id":"70f90b51e4407d1933c36a9119440f733c119d56"}],"test/unit/common/middleware/test_proxy_logging.py":[{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"954329ef2d1b57ac68fe1d7198205d53460bc0c3","unresolved":true,"context_lines":[{"line_number":906,"context_line":""},{"line_number":907,"context_line":"        # Default - reveal_sensitive_prefix is 16"},{"line_number":908,"context_line":"        # No x-auth-token header"},{"line_number":909,"context_line":"        app \u003d proxy_logging.ProxyLoggingMiddleware(FakeApp(), {})"},{"line_number":910,"context_line":"        app.access_logger \u003d debug_logger()"},{"line_number":911,"context_line":"        req \u003d Request.blank(\u0027/\u0027, environ\u003d{\u0027REQUEST_METHOD\u0027: \u0027GET\u0027})"},{"line_number":912,"context_line":"        resp \u003d app(req.environ, start_response)"}],"source_content_type":"text/x-python","patch_set":5,"id":"3c080a57_536ece30","line":909,"updated":"2022-02-03 15:20:33.000000000","message":"this does not register the sensitive headers, so relies on a previous call to the filter_factory function - I saw this test fail for that reason","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"5251ea6b70e024a49529d576d1c8890882b328f6","unresolved":false,"context_lines":[{"line_number":906,"context_line":""},{"line_number":907,"context_line":"        # Default - reveal_sensitive_prefix is 16"},{"line_number":908,"context_line":"        # No x-auth-token header"},{"line_number":909,"context_line":"        app \u003d proxy_logging.ProxyLoggingMiddleware(FakeApp(), {})"},{"line_number":910,"context_line":"        app.access_logger \u003d debug_logger()"},{"line_number":911,"context_line":"        req \u003d Request.blank(\u0027/\u0027, environ\u003d{\u0027REQUEST_METHOD\u0027: \u0027GET\u0027})"},{"line_number":912,"context_line":"        resp \u003d app(req.environ, start_response)"}],"source_content_type":"text/x-python","patch_set":5,"id":"76d08366_be8f120d","line":909,"in_reply_to":"3c080a57_536ece30","updated":"2022-02-03 15:30:51.000000000","message":"Done","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"954329ef2d1b57ac68fe1d7198205d53460bc0c3","unresolved":true,"context_lines":[{"line_number":917,"context_line":"        app \u003d proxy_logging.ProxyLoggingMiddleware(FakeApp(), {})"},{"line_number":918,"context_line":"        app.access_logger \u003d debug_logger()"},{"line_number":919,"context_line":"        req \u003d Request.blank(\u0027/\u0027, environ\u003d{\u0027REQUEST_METHOD\u0027: \u0027GET\u0027,"},{"line_number":920,"context_line":"                                          \u0027HTTP_X_AUTH_TOKEN\u0027: auth_token})"},{"line_number":921,"context_line":"        resp \u003d app(req.environ, start_response)"},{"line_number":922,"context_line":"        resp_body \u003d b\u0027\u0027.join(resp)"},{"line_number":923,"context_line":"        log_parts \u003d self._log_parts(app)"}],"source_content_type":"text/x-python","patch_set":5,"id":"574dcf7f_cd0e2d60","line":920,"range":{"start_line":920,"start_character":42,"end_line":920,"end_character":61},"updated":"2022-02-03 15:20:33.000000000","message":"should also test HTTP_X_STORAGE_TOKEN","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"5251ea6b70e024a49529d576d1c8890882b328f6","unresolved":false,"context_lines":[{"line_number":917,"context_line":"        app \u003d proxy_logging.ProxyLoggingMiddleware(FakeApp(), {})"},{"line_number":918,"context_line":"        app.access_logger \u003d debug_logger()"},{"line_number":919,"context_line":"        req \u003d Request.blank(\u0027/\u0027, environ\u003d{\u0027REQUEST_METHOD\u0027: \u0027GET\u0027,"},{"line_number":920,"context_line":"                                          \u0027HTTP_X_AUTH_TOKEN\u0027: auth_token})"},{"line_number":921,"context_line":"        resp \u003d app(req.environ, start_response)"},{"line_number":922,"context_line":"        resp_body \u003d b\u0027\u0027.join(resp)"},{"line_number":923,"context_line":"        log_parts \u003d self._log_parts(app)"}],"source_content_type":"text/x-python","patch_set":5,"id":"14f936d1_a689d285","line":920,"range":{"start_line":920,"start_character":42,"end_line":920,"end_character":61},"in_reply_to":"574dcf7f_cd0e2d60","updated":"2022-02-03 15:30:51.000000000","message":"Done","commit_id":"0f140de5eaec029bf2e4d3432ae06a41f55ffc75"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"1884d3fd24671e5d3aad5d629a705fadf1f0a539","unresolved":true,"context_lines":[{"line_number":23,"context_line":""},{"line_number":24,"context_line":"from swift.common.utils import get_logger, split_path, StatsdClient"},{"line_number":25,"context_line":"from swift.common.middleware import proxy_logging"},{"line_number":26,"context_line":"from swift.common.registry import _sensitive_headers, \\"},{"line_number":27,"context_line":"    _sensitive_params, register_sensitive_header, register_sensitive_param, \\"},{"line_number":28,"context_line":"    get_sensitive_headers"},{"line_number":29,"context_line":"from swift.common.swob import Request, Response"},{"line_number":30,"context_line":"from swift.common import constraints"}],"source_content_type":"text/x-python","patch_set":11,"id":"22e34501_c29f6a9b","line":27,"range":{"start_line":26,"start_character":34,"end_line":27,"end_character":21},"updated":"2022-02-09 10:54:09.000000000","message":"it would be good to not import these \u0027private\u0027 members - in test_registry it more acceptable but the registry implementation shouldn\u0027t be exposed when testing proxy_logging","commit_id":"f2cec1caab222237ad02f0c7df675664a704648a"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"1884d3fd24671e5d3aad5d629a705fadf1f0a539","unresolved":true,"context_lines":[{"line_number":1242,"context_line":"        # both"},{"line_number":1243,"context_line":"        expected_params[0] \u003d (\u0027param_one\u0027, \u0027some_long_string...\u0027)"},{"line_number":1244,"context_line":"        obscured_test(params, headers, [\u0027param_two\u0027, \u0027param_one\u0027], [],"},{"line_number":1245,"context_line":"                      expected_params, headers)"},{"line_number":1246,"context_line":""},{"line_number":1247,"context_line":"        # Now the headers"},{"line_number":1248,"context_line":"        # first just 1 header"}],"source_content_type":"text/x-python","patch_set":11,"id":"8dfaa021_832cfb64","line":1245,"updated":"2022-02-09 10:54:09.000000000","message":"it would be good to test for case sensitivity","commit_id":"f2cec1caab222237ad02f0c7df675664a704648a"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"1884d3fd24671e5d3aad5d629a705fadf1f0a539","unresolved":true,"context_lines":[{"line_number":1258,"context_line":"        # both"},{"line_number":1259,"context_line":"        expected_headers[\"X-Auth-Token\"] \u003d \u0027this_is_my_auth_...\u0027"},{"line_number":1260,"context_line":"        obscured_test(params, headers, [], [\u0027X-Auth-Token\u0027, \u0027X-Other-Header\u0027],"},{"line_number":1261,"context_line":"                      params, expected_headers)"},{"line_number":1262,"context_line":""},{"line_number":1263,"context_line":"        # all together"},{"line_number":1264,"context_line":"        obscured_test(params, headers, [\u0027param_two\u0027, \u0027param_one\u0027],"}],"source_content_type":"text/x-python","patch_set":11,"id":"ff6331f8_f754084e","line":1261,"updated":"2022-02-09 10:54:09.000000000","message":"it would be good to test for case insensitivity","commit_id":"f2cec1caab222237ad02f0c7df675664a704648a"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"1884d3fd24671e5d3aad5d629a705fadf1f0a539","unresolved":true,"context_lines":[{"line_number":1263,"context_line":"        # all together"},{"line_number":1264,"context_line":"        obscured_test(params, headers, [\u0027param_two\u0027, \u0027param_one\u0027],"},{"line_number":1265,"context_line":"                      [\u0027X-Auth-Token\u0027, \u0027X-Other-Header\u0027],"},{"line_number":1266,"context_line":"                      expected_params, expected_headers)"}],"source_content_type":"text/x-python","patch_set":11,"id":"be162d48_1f2f2d47","line":1266,"updated":"2022-02-09 10:54:09.000000000","message":"_sensitive_headers and _sensitive_params are not cleared at end of this test","commit_id":"f2cec1caab222237ad02f0c7df675664a704648a"},{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"8b46d009c01d894f6f2b1f3f253922520ba0a671","unresolved":true,"context_lines":[{"line_number":715,"context_line":"        self.assertTrue(callable(factory(FakeApp())))"},{"line_number":716,"context_line":""},{"line_number":717,"context_line":"    def test_sensitive_headers_registered(self):"},{"line_number":718,"context_line":"        with mock.patch.object(registry, \u0027_sensitive_headers\u0027, set()):"},{"line_number":719,"context_line":"            self.assertNotIn(\u0027x-auth-token\u0027, get_sensitive_headers())"},{"line_number":720,"context_line":"            self.assertNotIn(\u0027x-storage-token\u0027, get_sensitive_headers())"},{"line_number":721,"context_line":"            proxy_logging.filter_factory({})(FakeApp())"}],"source_content_type":"text/x-python","patch_set":12,"id":"8bf1239f_e9bc8817","line":718,"updated":"2022-02-09 10:56:54.000000000","message":"ok, so this still \u0027exposes\u0027 the implementation :/ but at least the test side effects are more isolated","commit_id":"f2c279bae94689e2062beb6d0030d168a0b4cbdf"}],"test/unit/common/middleware/test_tempurl.py":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"708b11a1d0cb007ef83f59d700427c0a174398bb","unresolved":true,"context_lines":[{"line_number":214,"context_line":"            p_logging)"},{"line_number":215,"context_line":"        self.tempurl \u003d tempurl.filter_factory({})(self.auth)"},{"line_number":216,"context_line":""},{"line_number":217,"context_line":"        sig \u003d \u0027valid_sigs_will_be_exactly_40_characters\u0027"},{"line_number":218,"context_line":"        expires \u003d int(time() + 1000)"},{"line_number":219,"context_line":"        p_logging.access_logger.logger \u003d debug_logger(\u0027fake\u0027)"},{"line_number":220,"context_line":"        resp \u003d self._make_request("}],"source_content_type":"text/x-python","patch_set":2,"id":"51ea97cc_566699d5","line":217,"updated":"2022-01-10 19:56:15.000000000","message":"This isn\u0027t true following https://github.com/openstack/swift/commit/5a4d3bdf -- you can now have valid sigs that are\n\n* 40 chars (hex-encoded sha1 sig)\n* 64 chars (hex-encoded sha256 sig)\n* 50 or 51 chars (base64-encoded sha256 sig, with or without padding \u0027\u003d\u0027)\n* 93-95 chars (base64-encoded sha512 sig, again +/- padding)\n\nor even as short as 33 chars (!) if you do a base64-encoded sha1 sig.","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"708b11a1d0cb007ef83f59d700427c0a174398bb","unresolved":true,"context_lines":[{"line_number":230,"context_line":"        info_lines \u003d p_logging.access_logger.\\"},{"line_number":231,"context_line":"            logger.get_lines_for_level(\u0027info\u0027)"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"        self.assertIn(trimmed_sig_qs, info_lines[0])"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    @mock.patch(\u0027swift.common.middleware.tempurl.time\u0027, return_value\u003d0)"},{"line_number":236,"context_line":"    def test_get_valid_with_filename(self, mock_time):"}],"source_content_type":"text/x-python","patch_set":2,"id":"ad973d43_9e52d4b6","line":233,"updated":"2022-01-10 19:56:15.000000000","message":"Given the test coverage for proxy-logging, this may be a little excessive -- we could probably just check that filter_factory updates _sensitive_params. As long as we\u0027ve got this already-written, though, may as well keep it.","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"d8c1a53105b167edaf33afc4d262524cd8b06155","unresolved":false,"context_lines":[{"line_number":230,"context_line":"        info_lines \u003d p_logging.access_logger.\\"},{"line_number":231,"context_line":"            logger.get_lines_for_level(\u0027info\u0027)"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"        self.assertIn(trimmed_sig_qs, info_lines[0])"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":"    @mock.patch(\u0027swift.common.middleware.tempurl.time\u0027, return_value\u003d0)"},{"line_number":236,"context_line":"    def test_get_valid_with_filename(self, mock_time):"}],"source_content_type":"text/x-python","patch_set":2,"id":"3bc5d27d_68d155a8","line":233,"in_reply_to":"ad973d43_9e52d4b6","updated":"2022-01-11 22:58:07.000000000","message":"Ack","commit_id":"315cc467e051bdb549b3a5d5703f7017fef03520"}],"test/unit/common/test_registry.py":[{"author":{"_account_id":7847,"name":"Alistair Coles","email":"alistairncoles@gmail.com","username":"acoles"},"change_message_id":"cf5ac3fe938fafaf482848615dfa71b5899801fb","unresolved":true,"context_lines":[{"line_number":215,"context_line":""},{"line_number":216,"context_line":"class TestSensitiveRegistry(unittest.TestCase):"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"    def tearDown(self):"},{"line_number":219,"context_line":"        registry._sensitive_params \u003d set()"},{"line_number":220,"context_line":"        registry._sensitive_headers \u003d set()"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"4ef9b8b1_68f8eb7b","line":218,"updated":"2022-02-03 18:48:08.000000000","message":"clearing the globals in a setUp would be a good idea too - the tests seem to assume that nothing has been registered by another test e.g. line 223","commit_id":"02e5667318afa49e9c058b465034724f51388fac"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":215,"context_line":""},{"line_number":216,"context_line":"class TestSensitiveRegistry(unittest.TestCase):"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"    def tearDown(self):"},{"line_number":219,"context_line":"        registry._sensitive_params \u003d set()"},{"line_number":220,"context_line":"        registry._sensitive_headers \u003d set()"},{"line_number":221,"context_line":""}],"source_content_type":"text/x-python","patch_set":8,"id":"49ff438d_2920eedb","line":218,"in_reply_to":"4ef9b8b1_68f8eb7b","updated":"2022-02-04 06:17:12.000000000","message":"The parent patch highlighted another possible approach: mock.patch.dict(clear\u003dTrue)","commit_id":"02e5667318afa49e9c058b465034724f51388fac"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":227,"context_line":""},{"line_number":228,"context_line":"        registry.register_sensitive_header(\u0027Some-Header\u0027)"},{"line_number":229,"context_line":"        expected_headers \u003d {\u0027Some-Header\u0027}"},{"line_number":230,"context_line":"        self.assertEqual(expected_headers, registry._sensitive_headers)"},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"        expected_headers.add(\"New-Header\")"},{"line_number":233,"context_line":"        registry.register_sensitive_header(\"New-Header\")"}],"source_content_type":"text/x-python","patch_set":9,"id":"d0c2303f_a5e0a263","line":230,"updated":"2022-02-04 06:17:12.000000000","message":"This feels too tied to the implementation -- maybe we just add the type-checking to test_get_sensitive_headers below?","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":236,"context_line":"        for header_not_str in (1, None, 1.1):"},{"line_number":237,"context_line":"            with self.assertRaises(TypeError):"},{"line_number":238,"context_line":"                registry.register_sensitive_header(header_not_str)"},{"line_number":239,"context_line":"                self.assertEqual(expected_headers, registry._sensitive_headers)"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"    def test_register_sensitive_param(self):"},{"line_number":242,"context_line":"        self.assertFalse(registry._sensitive_params)"}],"source_content_type":"text/x-python","patch_set":9,"id":"97c376aa_c6fc8830","line":239,"updated":"2022-02-04 06:17:12.000000000","message":"This assertion is never tested.","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":236,"context_line":"        for header_not_str in (1, None, 1.1):"},{"line_number":237,"context_line":"            with self.assertRaises(TypeError):"},{"line_number":238,"context_line":"                registry.register_sensitive_header(header_not_str)"},{"line_number":239,"context_line":"                self.assertEqual(expected_headers, registry._sensitive_headers)"},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"    def test_register_sensitive_param(self):"},{"line_number":242,"context_line":"        self.assertFalse(registry._sensitive_params)"}],"source_content_type":"text/x-python","patch_set":9,"id":"ee5f5ce8_e69f8da5","line":239,"in_reply_to":"97c376aa_c6fc8830","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"e16297ed07372156e9a5f319d126c71b9ab563a9","unresolved":true,"context_lines":[{"line_number":252,"context_line":"        for param_not_str in (1, None, 1.1):"},{"line_number":253,"context_line":"            with self.assertRaises(TypeError):"},{"line_number":254,"context_line":"                registry.register_sensitive_param(param_not_str)"},{"line_number":255,"context_line":"                self.assertEqual(expected_params, registry._sensitive_params)"},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"    def test_get_sensitive_headers(self):"},{"line_number":258,"context_line":"        self.assertFalse(registry.get_sensitive_headers())"}],"source_content_type":"text/x-python","patch_set":9,"id":"03476e95_5a484a0d","line":255,"updated":"2022-02-04 06:17:12.000000000","message":"ditto","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"4da04ac532a19f78b3aa2474584a32ad5a010255","unresolved":false,"context_lines":[{"line_number":252,"context_line":"        for param_not_str in (1, None, 1.1):"},{"line_number":253,"context_line":"            with self.assertRaises(TypeError):"},{"line_number":254,"context_line":"                registry.register_sensitive_param(param_not_str)"},{"line_number":255,"context_line":"                self.assertEqual(expected_params, registry._sensitive_params)"},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"    def test_get_sensitive_headers(self):"},{"line_number":258,"context_line":"        self.assertFalse(registry.get_sensitive_headers())"}],"source_content_type":"text/x-python","patch_set":9,"id":"619f75df_42573f2a","line":255,"in_reply_to":"03476e95_5a484a0d","updated":"2022-02-04 20:39:06.000000000","message":"Done","commit_id":"4ec366a6f6e35064a294b2f142e92fcbd10320ba"}]}