Merge pull request #72 from SciCatProject/hide-token-in-error-msg

Strip tokens from exception messages
SciCatProject · Mar 15, 2023 · 3ec7d97 · 3ec7d97
2 parents 05ebd2b + 267ece9
commit 3ec7d97
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 5 deletions.
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
@@ -49,10 +49,13 @@ Bugfixes
 
 * Removed ``Dataset.instrument_id`` for derived datasets.
 
-Documentation
-~~~~~~~~~~~~~
+v23.03.1 (2023-03-15)
+---------------------
+
+Security
+~~~~~~~~
 
-* Document how file transfers interact with source folders.
+* Remove user token from error messages.
 
 v23.01.1 (2023-01-20)
 ---------------------

diff --git a/src/scitacean/client.py b/src/scitacean/client.py
@@ -601,6 +601,7 @@ def _send_to_scicat(
             params = {"access_token": token}
             headers = {"Authorization": "Bearer {}".format(token)}
         else:
+            token = ""
             params = {}
             headers = {}
 
@@ -619,8 +620,14 @@ def _send_to_scicat(
                 verify=True,
             )
         except Exception as exc:
-            # Remove concrete request function call from backtrace.
-            raise type(exc)(exc.args) from None
+            # Remove concrete request function call from backtrace to hide the token.
+            # Also modify the error message to strip out the token.
+            # It shows up, e.g. in urllib3.exceptions.NewConnectionError.
+            # This turns the exception args into strings.
+            # But we have little use of more structured errors, so that should be fine.
+            raise type(exc)(
+                tuple(_strip_token(arg, token) for arg in exc.args)
+            ) from None
 
     def _call_endpoint(
         self,
@@ -656,6 +663,13 @@ def _url_concat(a: str, b: str) -> str:
     return a + b
 
 
+def _strip_token(error: Any, token: str) -> str:
+    error = str(error)
+    error = re.sub(r"token=[\w\-./]+", "token=<HIDDEN>", error)
+    error = error.replace(token, "<HIDDEN>")
+    return error
+
+
 def _make_orig_datablock(
     fields: Dict[str, Any], strict_validation: bool
 ) -> model.OrigDatablock:

diff --git a/tests/client_test.py b/tests/client_test.py
@@ -254,3 +254,17 @@ def test_cannot_pickle_client_credentials_login(request, scicat_access, scicat_b
     )
     with pytest.raises(TypeError):
         pickle.dumps(client)
+
+
+def test_connection_error_does_not_contain_token():
+    client = Client.from_token(
+        url="https://not-actually-a_server",
+        token="the token/which_must-be.kept secret",  # noqa: S106
+    )
+    try:
+        client.get_dataset("does not exist")
+        assert False, "There must be an exception"  # noqa: B011
+    except Exception as exc:
+        assert "the token/which_must-be.kept secret" not in str(exc)
+        for arg in exc.args:
+            assert "the token/which_must-be.kept secret" not in str(arg)