From fda8c1a7e20414788bc738dba25904031299cb4c Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@calcurse.org>
Date: Wed, 23 May 2018 17:58:25 +0200
Subject: calcurse-caldav: remove authorization data from logs

The Authorization header contains the Base64-encoded user name and
password. Remove this information from debug logs, unless the user
explicitly requests to keep it by using the --debug-raw flag.

Signed-off-by: Lukas Fleischer <lfleischer@calcurse.org>
---
 contrib/caldav/calcurse-caldav.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'contrib')

diff --git a/contrib/caldav/calcurse-caldav.py b/contrib/caldav/calcurse-caldav.py
index 997a5f6..33971e0 100755
--- a/contrib/caldav/calcurse-caldav.py
+++ b/contrib/caldav/calcurse-caldav.py
@@ -189,7 +189,10 @@ def remote_query(conn, cmd, path, additional_headers, body):
 
     if debug:
         print("> {} {}".format(cmd, path))
-        print("> Headers: " + repr(headers))
+        headers_sanitized = headers
+        if not debug_raw:
+            headers_sanitized.pop('Authorization', None)
+        print("> Headers: " + repr(headers_sanitized))
         if body:
             for line in body.splitlines():
                 print("> " + line)
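Review bot: `headers_sanitized = headers` binds a second name to the same dict, so the `pop('Authorization', None)` two lines later also strips the header from `headers` itself. The rest of remote_query lies outside this hunk, but if the request is issued with `headers` after the debug block, running with --debug and without --debug-raw would send requests without credentials, a failure that appears only while debugging. Sanitise a copy instead: `headers_sanitized = headers.copy()`. A short comment such as `# log a copy; the real request headers must keep Authorization` would make the intent explicit.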
@@ -504,6 +507,8 @@ parser.add_argument('-v', '--verbose', action='store_true', dest='verbose',
                     help='print status messages to stdout')
 parser.add_argument('--debug', action='store_true', dest='debug',
                     default=False, help='print debug messages to stdout')
+parser.add_argument('--debug-raw', action='store_true', dest='debug_raw',
+                    default=False, help='do not sanitize debug messages')
 args = parser.parse_args()
 
 init = args.init is not None
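Review bot: The help text for --debug-raw, 'do not sanitize debug messages', does not tell the user that the unsanitised output contains the Authorization header, which per the commit message carries the Base64-encoded user name and password. Someone about to paste a debug log into a bug report should be able to learn this from --help; wording such as `help='do not strip credentials (Authorization header) from debug output'` states it. In the first hunk the flag is only read inside `if debug:`, so the help could also say that it has an effect only together with --debug.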
@@ -514,6 +519,7 @@ hookdir = args.hookdir
 authcode = args.authcode
 verbose = args.verbose
 debug = args.debug
+debug_raw = args.debug_raw
 
 # Read environment variables
 password = os.getenv('CALCURSE_CALDAV_PASSWORD')
-- 
cgit v1.2.3-70-g09d2