secure-logger 0.1.3

A function decorator for beautiful and complete logging

Secure Logger

A Python decorator to generate redacted and nicely formatted log entries. Works on all callables: class, class methods, Python module functions. Recursively redacts Python dictionary key values based on a customizable list of keys.

Usage

As a decorator

from secure_logger.decorators import secure_logger

class TestClass(object):

    @secure_logger()
    def test_2(self, test_dict, test_list):
        pass

# call your method, passing some sensitive data
test_dict = {
    'not_a_sensitive_key': 'you-can-see-me',
    'aws-access-key_id': conf.AWS_ACCESS_KEY_ID,
    'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
}
test_list = ['foo', 'bar']
o = TestClass()
o.test_2(test_dict=test_dict, test_list=test_list)

Log output:

INFO:secure_logger: __main__.TestClass().test_2()  keyword args: {
    "test_dict": {
        "not_a_sensitive_key": "you-can-see-me",
        "aws-access-key-id": "*** -- REDACTED -- ***",
        "aws-secret-access-key": "*** -- REDACTED -- ***"
    },
    "test_list": [
        "foo",
        "bar"
    ]
}

As library functions

from secure_logger.masked_dict import masked_dict, masked_dict2str

test_dict = {
    'not_a_sensitive_key': 'you-can-see-me',
    'aws-access-key_id': conf.AWS_ACCESS_KEY_ID,
    'aws-secret-access-key': conf.AWS_SECRET_ACCESS_KEY
}
print(masked_dict2str(test_dict))

Output:

{
    "not_a_sensitive_key": "you-can-see-me",
    "aws-access-key-id": "*** -- REDACTED -- ***",
    "aws-secret-access-key": "*** -- REDACTED -- ***"
}

Installation

pip install secure-logger

Configuration

secure_logger accepts optional parameters.

• sensitive_keys: a Python list of dictionary keys. Not case sensitive.
• message: a string value that will replace the sensitive key values
• indent: number of characters to indent JSON string output when logging output

class MyClass():

    @secure_logger(sensitive_keys=["password", "token", "crown_jewels"], message="***", indent=4)
    def another_def(self):

Configuration Defaults

DEFAULT_REDACTION_MESSAGE = "*** -- REDACTED -- ***"
DEFAULT_INDENT = 4
DEFAULT_SENSITIVE_KEYS = [
    "password",
    "token",
    "client_id",
    "client_secret",
    "Authorization",
    "secret",
    "access_key_id",
    "secret_access_key",
    "access-key-id",
    "secret-access-key",
    "aws_access_key_id",
    "aws_secret_access_key",
    "aws-access-key-id",
    "aws-secret-access-key",
]

Contributing

Pull requests are welcome, and you can also contact Lawrence McDaniel directly.

Getting Started With Local development

• Use the same virtual environment that you use for edx-platform
• Ensure that your Python interpreter to 3.8x
• install black: https://pypi.org/project/black/
• install flake8: https://flake8.pycqa.org/en/latest/
• install flake8-coding: https://pypi.org/project/flake8-coding/

# Run these from within your edx-platform virtual environment
python3 -m venv venv
source venv/bin/activate

pip install -r requirements/local.txt
pip install pre-commit black flake8
pre-commit install

Local development good practices

• run black on modified code before committing.
• run flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
• run flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
• run pre-commit run --all-files before pushing. see: https://pre-commit.com/