From 1ecb631c3812efe124261ca272cf2c89406fe9ac Mon Sep 17 00:00:00 2001 From: riley priddle Date: Thu, 1 Aug 2024 21:21:11 +0100 Subject: [PATCH 1/4] fixed key for request + response --- firetail/auditor.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/firetail/auditor.py b/firetail/auditor.py index 0c7ba71..e2d0a85 100644 --- a/firetail/auditor.py +++ b/firetail/auditor.py @@ -110,16 +110,16 @@ def clean_pii(self, payload): oauth = False auth_token = None - for k, v in payload["req"].get("headers", {}).items(): + for k, v in payload["request"].get("headers", {}).items(): if k.lower() == "authorization" and "bearer " in v.lower(): oauth = True auth_token = v.split(" ")[1] if " " in v else None if k.lower() in self.scrub_headers: - payload["req"]["headers"][k] = "{SANITIZED_HEADER:" + self.sha1_hash(v) + "}" + payload["request"]["headers"][k] = "{SANITIZED_HEADER:" + self.sha1_hash(v) + "}" - for k, v in payload["res"].get("headers", {}).items(): + for k, v in payload["response"].get("headers", {}).items(): if k.lower() in self.scrub_headers: - payload["res"]["headers"][k] = "{SANITIZED_HEADER:" + self.sha1_hash(v) + "}" + payload["response"]["headers"][k] = "{SANITIZED_HEADER:" + self.sha1_hash(v) + "}" if auth_token not in [None, ""] and oauth and self.enrich_oauth: try: From 13b96bc9c6d59fecfde4f77c39a0ddd9676af7c6 Mon Sep 17 00:00:00 2001 From: riley priddle Date: Thu, 1 Aug 2024 22:13:25 +0100 Subject: [PATCH 2/4] fixed bugs with headers coming through as list --- firetail/auditor.py | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/firetail/auditor.py b/firetail/auditor.py index e2d0a85..72d5348 100644 --- a/firetail/auditor.py +++ b/firetail/auditor.py 
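Review bot: `payload["request"]` and `payload["response"]` are indexed directly on the renamed lines while `headers` underneath them is read defensively with `.get("headers", {})`, so a payload missing either top-level key raises KeyError from clean_pii before anything is scrubbed. If the caller guarantees both keys, the defensive `.get` on `headers` is misleading and could be dropped; if it does not, `payload.get("request", {}).get("headers", {})` (and the same for `response`) keeps a partial record from aborting the sanitiser. Whichever is intended, a one-line comment stating the expected payload shape, e.g. `# payload is expected to carry "request" and "response" dicts, each with an optional "headers" dict`, would settle it. clean_pii continues past the end of the hunk.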
@@ -91,18 +91,18 @@ def set_token(self, token_secret): self.token = token_secret @staticmethod - def sha1_hash(value): - hash_object = hashlib.sha1(value.encode("utf-8")) - return "sha1:" + hash_object.hexdigest() + def sha_hash(value): + hash_object = hashlib.sha256(value.encode("utf-8")) + return "sha256:" + hash_object.hexdigest() @staticmethod def get_ttl_hash(seconds=600): return round(time.time() / seconds) - @lru_cache(maxsize=128) - def decode_token(token, ttl_hash=None): + @staticmethod + def decode_token(auth_token): return jwt.decode( - token, + auth_token.encode(), options={"verify_signature": False, "verify_exp": False}, ) 
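Review bot: `sha_hash` still emits an unkeyed digest of the raw header value, so moving from SHA-1 to SHA-256 does not change the privacy property of the sanitised marker: anyone holding a candidate secret (an API key, a bearer token) can hash it and confirm it against the audit record, and short or low-entropy values remain brute-forceable. If the marker only needs to let a reader correlate equal values across records, a keyed digest under a deployment-specific key gives that without confirmability, e.g. `hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()` (this needs `import hmac` and a key source the hunk does not show). The rename from `sha1_hash` to `sha_hash` together with the `sha1:` → `sha256:` prefix changes the emitted format, so any downstream consumer or other caller of `sha1_hash` outside this hunk would need the same update. Dropping `@lru_cache` on `decode_token` is an improvement on its own, since the cache kept every raw bearer token alive as a dictionary key for the lifetime of the process.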
@@ -110,21 +110,23 @@ def clean_pii(self, payload): oauth = False auth_token = None - for k, v in payload["request"].get("headers", {}).items(): - if k.lower() == "authorization" and "bearer " in v.lower(): + if auth_header := request.headers.get("Authorization"): + if "bearer " in auth_header.lower(): oauth = True - auth_token = v.split(" ")[1] if " " in v else None + auth_token = auth_header.split(" ")[1] if " " in auth_header else None + + for k, v in payload["request"].get("headers", {}).items(): if k.lower() in self.scrub_headers: - payload["request"]["headers"][k] = "{SANITIZED_HEADER:" + self.sha1_hash(v) + "}" + payload["request"]["headers"][k] = ["{SANITIZED_HEADER:" + self.sha_hash(item) + "}" for item in v] for k, v in payload["response"].get("headers", {}).items(): if k.lower() in self.scrub_headers: - payload["response"]["headers"][k] = "{SANITIZED_HEADER:" + self.sha1_hash(v) + "}" + payload["response"]["headers"][k] = ["{SANITIZED_HEADER:" + self.sha_hash(item) + "}" for item in v] if auth_token not in [None, ""] and oauth and self.enrich_oauth: try: - jwt_decoded = self.decode_token(auth_token, ttl_hash=self.get_ttl_hash()) - payload["oauth"] = {"sub": jwt_decoded["sub"]} + jwt_decoded = self.decode_token(auth_token) + payload["oauth"] = {"subject": jwt_decoded["sub"]} except jwt.exceptions.DecodeError: pass return payload From 7db032d50d8f0389ae44f960167b4302b561dde1 Mon Sep 17 00:00:00 2001 From: riley priddle Date: Thu, 1 Aug 2024 22:35:41 +0100 Subject: [PATCH 3/4] remove unused imports --- firetail/auditor.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/firetail/auditor.py b/firetail/auditor.py index 72d5348..b880cce 100644 --- a/firetail/auditor.py +++ b/firetail/auditor.py @@ -3,7 +3,6 @@ import logging import logging.config import time -from functools import lru_cache import jwt import requests 
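Review bot: `request` in the new `auth_header := request.headers.get("Authorization")` line is not a parameter of clean_pii (the signature is `def clean_pii(self, payload)`) and nothing in the hunk defines it, so unless the module imports a `request` object elsewhere this raises NameError on every call; the visible import hunk in the next patch shows `requests`, not `request`. The Authorization value should come from the same `payload["request"].get("headers", {})` that the loop below already walks. Separately, `[... for item in v]` now assumes every scrubbed header value is a list: a plain string value would be iterated character by character, producing one digest per character, and a single-character SHA-256 digest is trivially reversible, so the scrubber would leak both the length and the content of the value. Normalising with `items = v if isinstance(v, list) else [v]` before hashing avoids that in both the request and response loops. Also `jwt_decoded["sub"]` is read from a token decoded with `verify_signature: False`, so it is an unauthenticated claim and a token without `sub` raises KeyError, which `except jwt.exceptions.DecodeError` does not catch; `jwt_decoded.get("sub")` plus a comment such as `# claims are unverified; subject is informational only` would make that explicit.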
@@ -95,10 +94,6 @@ def sha_hash(value): hash_object = hashlib.sha256(value.encode("utf-8")) return "sha256:" + hash_object.hexdigest() - @staticmethod - def get_ttl_hash(seconds=600): - return round(time.time() / seconds) - @staticmethod def decode_token(auth_token): return jwt.decode( From 752b703401b807e32a845e55b39482d0139950fe Mon Sep 17 00:00:00 2001 From: rileyfiretail <107564215+rileyfiretail@users.noreply.github.com> Date: Fri, 2 Aug 2024 10:06:37 +0100 Subject: [PATCH 4/4] Update firetail/auditor.py --- firetail/auditor.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/firetail/auditor.py b/firetail/auditor.py index b880cce..a692c8b 100644 --- a/firetail/auditor.py +++ b/firetail/auditor.py @@ -105,7 +105,8 @@ def clean_pii(self, payload): oauth = False auth_token = None - if auth_header := request.headers.get("Authorization"): + if auth_header := request.headers.get("Authorization", request.headers.get("authorization")): + if "bearer " in auth_header.lower(): oauth = True auth_token = auth_header.split(" ")[1] if " " in auth_header else None
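Review bot: The fallback `request.headers.get("Authorization", request.headers.get("authorization"))` still reads from an undefined `request` rather than from `payload`, and it only covers two spellings, whereas the loop it replaced matched `k.lower() == "authorization"` for any casing. If header values arrive as lists, as the previous patch's `for item in v` assumes, `auth_header.lower()` also fails with AttributeError on a list. Walking `payload["request"].get("headers", {})` once, case-insensitively, and normalising the value before the `bearer ` check covers all three; the rewrite below replaces the two `if` lines on the new side. The rest of clean_pii, including the scrub loops, is outside this hunk.
```python
auth_token = None

auth_header = None
for k, v in payload["request"].get("headers", {}).items():
    if k.lower() == "authorization":
        # value may be a str or a list (not visible here — confirm); use the first entry
        auth_header = v[0] if isinstance(v, list) and v else v
        break

if isinstance(auth_header, str) and "bearer " in auth_header.lower():
    oauth = True
    auth_token = auth_header.split(" ")[1] if " " in auth_header else None
# … unchanged: scrub loops and oauth enrichment …
```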