Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: redact bot_access_tokens from the debug logs of socket mode #1519

Merged
merged 3 commits into from
Jun 26, 2024
+42 −3
Merged

fix: redact bot_access_tokens from the debug logs of socket mode #1519

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f66014e
Initial commit
WilliamBergamin Jun 26, 2024
47ad0dd
Add example in comment
WilliamBergamin Jun 26, 2024
4edc370
Update name of function
WilliamBergamin Jun 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion slack_sdk/socket_mode/builtin/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
from slack_sdk.web import WebClient
from .connection import Connection, ConnectionState
from ..interval_runner import IntervalRunner
from ..logger.messages import debug_message_redact
from ...errors import SlackClientConfigurationError, SlackClientNotConnectedError
from ...proxy_env_variable_loader import load_http_proxy_from_env

Expand Down Expand Up @@ -231,7 +232,7 @@ def close(self):

def _on_message(self, message: str):
if self.logger.level <= logging.DEBUG:
self.logger.debug(f"on_message invoked: (message: {message})")
self.logger.debug(f"on_message invoked: (message: {debug_message_redact(message)})")
self.enqueue_message(message)
for listener in self.on_message_listeners:
listener(message)
Expand Down
Empty file added slack_sdk/socket_mode/logger/__init__.py
View file
Open in desktop
Empty file.
6 changes: 6 additions & 0 deletions slack_sdk/socket_mode/logger/messages.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
import re


def debug_message_redact(message: str) -> str:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that you followed this file and method naming: https://github.com/slackapi/bolt-python/blob/main/slack_bolt/logger/messages.py The format is more of "{log_level}_{log meaning}", thus "debug_redacted_message_string" or something like that would be even better. What do you think?

Suggested change
def debug_message_redact(message: str) -> str:
def debug_redacted_message_string(message: str) -> str:

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed 👍 I like debug_redacted_message_string

xwfp_token_pattern = re.compile(r"\"xwfp-[A-Za-z0-9\-]+\"") # ex: "xwfp-abc-ABC-1234"
return re.sub(xwfp_token_pattern, "[[REDACTED]]", message)
4 changes: 3 additions & 1 deletion slack_sdk/socket_mode/websocket_client/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@
from slack_sdk.socket_mode.request import SocketModeRequest
from slack_sdk.web import WebClient

from ..logger.messages import debug_message_redact


class SocketModeClient(BaseSocketModeClient):
logger: Logger
Expand Down Expand Up @@ -147,7 +149,7 @@ def on_open(ws: WebSocketApp):

def on_message(ws: WebSocketApp, message: str):
if self.logger.level <= logging.DEBUG:
self.logger.debug(f"on_message invoked: (message: {message})")
self.logger.debug(f"on_message invoked: (message: {debug_message_redact(message)})")
self.enqueue_message(message)
for listener in self.on_message_listeners:
listener(ws, message)
Expand Down
4 changes: 3 additions & 1 deletion slack_sdk/socket_mode/websockets/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@
from slack_sdk.socket_mode.request import SocketModeRequest
from slack_sdk.web.async_client import AsyncWebClient

from ..logger.messages import debug_message_redact


class SocketModeClient(AsyncBaseSocketModeClient):
logger: Logger
Expand Down Expand Up @@ -149,7 +151,7 @@ async def receive_messages(self) -> None:
if isinstance(message, bytes):
message = message.decode("utf-8")
if self.logger.level <= logging.DEBUG:
self.logger.debug(f"Received message: {message}, session: {session_id}")
self.logger.debug(f"Received message: {debug_message_redact(message)}, session: {session_id}")
await self.enqueue_message(message)
consecutive_error_count = 0
except Exception as e:
Expand Down
Empty file added tests/slack_sdk/socket_mode/logger/__init__.py
View file
Open in desktop
Empty file.
26 changes: 26 additions & 0 deletions tests/slack_sdk/socket_mode/logger/test_messages.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
import unittest

from slack_sdk.socket_mode.logger.messages import debug_message_redact


class TestRequest(unittest.TestCase):
def setUp(self):
pass

def tearDown(self):
pass

def test_debug_message_redact(self):
message = """{"envelope_id":"abc-123","payload":{"token":"xxx","team_id":"T123","api_app_id":"A123","event":{"type":"function_executed","function":{"id":"Fn123","callback_id":"sample_function","title":"Sample function","description":"","type":"app","input_parameters":[],"output_parameters":[],"app_id":"A123","date_created":1719416102,"date_released":0,"date_updated":1719426759,"date_deleted":0,"form_enabled":false},"inputs":{"user_id":"U123"},"function_execution_id":"Fx123","workflow_execution_id":"Wx079QN9CT8E","event_ts":"1719427571.129426","bot_access_token":"xwfp-123-abc"},"type":"event_callback","event_id":"Ev123","event_time":1719427571},"type":"events_api","accepts_response_payload":false,"retry_attempt":0,"retry_reason":""}"""
redacted_message = debug_message_redact(message)
self.assertEqual(redacted_message.count('"bot_access_token":[[REDACTED]]'), 1)

def test_debug_message_redact_no_changes(self):
message = """{"envelope_id":"abc-123","payload":{"token":"xxx","team_id":"T123","api_app_id":"A123","event":{"type":"function_executed","function":{"id":"Fn123","callback_id":"sample_function","title":"Sample function","description":"","type":"app","input_parameters":[],"output_parameters":[],"app_id":"A123","date_created":1719416102,"date_released":0,"date_updated":1719426759,"date_deleted":0,"form_enabled":false},"inputs":{"user_id":"U123"},"function_execution_id":"Fx123","workflow_execution_id":"Wx079QN9CT8E","event_ts":"1719427571.129426"},"type":"event_callback","event_id":"Ev123","event_time":1719427571},"type":"events_api","accepts_response_payload":false,"retry_attempt":0,"retry_reason":""}"""
redacted_message = debug_message_redact(message)
self.assertEqual(redacted_message.count('"bot_access_token":[[REDACTED]]'), 0)

def test_debug_message_redact_simple(self):
message = '"bot_access_token": "xwfp-123-abc"'
redacted_message = debug_message_redact(message)
self.assertEqual(redacted_message.count('"bot_access_token": [[REDACTED]]'), 1)
Loading