fix(egress): strip injected Authorization and redact bodies in LOG_FULL path

_log_request and _log_response wrote headers and bodies to stderr verbatim. _log_request also included the sidecar-injected upstream Authorization value, exposing live bearer tokens on every allowed request under LOG_FULL. Apply redact_tokens to all header values and bodies in both log functions; exclude the authorization header from _log_request entirely since its value is always a live sidecar-injected credential by the time _log_request runs. Closes #257
2026-06-25 02:39:54 +00:00
parent ec41f629a4
commit 9b929d0684
3 changed files with 373 additions and 4 deletions
@@ -0,0 +1,273 @@
+"""Unit: LOG_FULL credential redaction in _log_request / _log_response (issue #257).
+
+egress_addon.py is sidecar-only code that depends on mitmproxy, which is
+not installed on the host. This file pre-populates sys.modules with the
+minimum mocks needed so EgressAddon can be imported and tested without the
+real mitmproxy package."""
+
+from __future__ import annotations
+
+import json
+import sys
+import types
+import unittest
+from io import StringIO
+from unittest.mock import patch
+
+
+# ---------------------------------------------------------------------------
+# Sidecar-import shims — must run before importing egress_addon
+# ---------------------------------------------------------------------------
+
+def _ensure_shims() -> None:
+    if "mitmproxy" not in sys.modules:
+        _mm = types.ModuleType("mitmproxy")
+        _mh = types.ModuleType("mitmproxy.http")
+        _mm.http = _mh
+        sys.modules["mitmproxy"] = _mm
+        sys.modules["mitmproxy.http"] = _mh
+    if "egress_addon_core" not in sys.modules:
+        import bot_bottle.egress_addon_core as _core
+        sys.modules["egress_addon_core"] = _core
+
+
+_ensure_shims()
+
+from bot_bottle.egress_addon import EgressAddon  # noqa: E402  (import after shims)
+from bot_bottle.egress_addon_core import Config, LOG_FULL  # noqa: E402
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+def _addon() -> EgressAddon:
+    """Return a bare EgressAddon with LOG_FULL config and no routes file."""
+    a: EgressAddon = EgressAddon.__new__(EgressAddon)
+    a.config = Config(routes=(), log=LOG_FULL)
+    a.safe_tokens = set()
+    a._supervise_queue_dir = ""
+    a._supervise_slug = ""
+    a._token_allow_timeout = 300.0
+    return a
+
+
+class _Headers:
+    def __init__(self, d: dict[str, str]) -> None:
+        self._d = d
+
+    def items(self) -> list[tuple[str, str]]:
+        return list(self._d.items())
+
+
+class _Request:
+    def __init__(
+        self,
+        host: str = "api.example.com",
+        method: str = "POST",
+        path: str = "/v1/messages",
+        headers: dict[str, str] | None = None,
+        body: str = "",
+    ) -> None:
+        self.pretty_host = host
+        self.method = method
+        self.path = path
+        self.headers = _Headers(headers or {})
+        self._body = body
+
+    def get_text(self, *, strict: bool = True) -> str:
+        return self._body
+
+
+class _Response:
+    def __init__(
+        self,
+        status_code: int = 200,
+        headers: dict[str, str] | None = None,
+        body: str = "",
+    ) -> None:
+        self.status_code = status_code
+        self.headers = _Headers(headers or {})
+        self._body = body
+
+    def get_text(self, *, strict: bool = True) -> str:
+        return self._body
+
+
+class _Flow:
+    def __init__(
+        self,
+        request: _Request | None = None,
+        response: _Response | None = None,
+    ) -> None:
+        self.request = request or _Request()
+        self.response = response or _Response()
+
+
+def _log_request(addon: EgressAddon, flow: _Flow) -> dict:
+    buf = StringIO()
+    with patch("sys.stderr", buf):
+        addon._log_request(flow)  # type: ignore[arg-type]
+    return json.loads(buf.getvalue())
+
+
+def _log_response(addon: EgressAddon, flow: _Flow) -> dict:
+    buf = StringIO()
+    with patch("sys.stderr", buf):
+        addon._log_response(flow)  # type: ignore[arg-type]
+    return json.loads(buf.getvalue())
+
+
+# ---------------------------------------------------------------------------
+# _log_request — authorization header stripped
+# ---------------------------------------------------------------------------
+
+
+class TestLogRequestAuthorizationStripped(unittest.TestCase):
+    def test_lowercase_authorization_excluded(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(headers={"authorization": "Bearer sk-real-secret"}))
+        entry = _log_request(addon, flow)
+        self.assertNotIn("authorization", entry["headers"])
+
+    def test_titlecase_authorization_excluded(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(headers={"Authorization": "Bearer sk-real-secret"}))
+        entry = _log_request(addon, flow)
+        self.assertNotIn("Authorization", entry["headers"])
+        self.assertNotIn("authorization", entry["headers"])
+
+    def test_non_auth_headers_retained(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(headers={
+            "authorization": "Bearer sk-real-secret",
+            "content-type": "application/json",
+        }))
+        entry = _log_request(addon, flow)
+        self.assertIn("content-type", entry["headers"])
+        self.assertEqual("application/json", entry["headers"]["content-type"])
+
+    def test_no_authorization_header_logs_all_others(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(headers={"x-request-id": "abc"}))
+        entry = _log_request(addon, flow)
+        self.assertEqual({"x-request-id": "abc"}, entry["headers"])
+
+
+# ---------------------------------------------------------------------------
+# _log_request — body redaction
+# ---------------------------------------------------------------------------
+
+
+_OPENAI_KEY = "sk-" + "A" * 48
+
+
+class TestLogRequestBodyRedacted(unittest.TestCase):
+    def test_token_pattern_in_body_scrubbed(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(body=f"key={_OPENAI_KEY}"))
+        entry = _log_request(addon, flow)
+        self.assertNotIn(_OPENAI_KEY, entry["body"])
+        self.assertIn("********", entry["body"])
+
+    def test_provisioned_secret_in_body_scrubbed(self) -> None:
+        addon = _addon()
+        secret = "provisioned-egress-secret-xyz"
+        flow = _Flow(request=_Request(body=f"token={secret}"))
+        with patch.dict("os.environ", {"EGRESS_TOKEN_0": secret}):
+            entry = _log_request(addon, flow)
+        self.assertNotIn(secret, entry["body"])
+        self.assertIn("********", entry["body"])
+
+    def test_clean_body_preserved(self) -> None:
+        addon = _addon()
+        payload = '{"model": "claude-3", "max_tokens": 1024}'
+        flow = _Flow(request=_Request(body=payload))
+        entry = _log_request(addon, flow)
+        self.assertEqual(payload, entry["body"])
+
+
+# ---------------------------------------------------------------------------
+# _log_request — non-authorization header value redaction
+# ---------------------------------------------------------------------------
+
+
+class TestLogRequestHeaderValuesRedacted(unittest.TestCase):
+    def test_token_in_custom_header_scrubbed(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(headers={"x-api-key": _OPENAI_KEY}))
+        entry = _log_request(addon, flow)
+        self.assertNotIn(_OPENAI_KEY, entry["headers"].get("x-api-key", ""))
+        self.assertIn("********", entry["headers"].get("x-api-key", ""))
+
+    def test_clean_header_value_preserved(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(headers={"accept": "application/json"}))
+        entry = _log_request(addon, flow)
+        self.assertEqual("application/json", entry["headers"]["accept"])
+
+
+# ---------------------------------------------------------------------------
+# _log_response — body redaction
+# ---------------------------------------------------------------------------
+
+
+class TestLogResponseBodyRedacted(unittest.TestCase):
+    def test_token_pattern_in_response_body_scrubbed(self) -> None:
+        addon = _addon()
+        flow = _Flow(
+            request=_Request(),
+            response=_Response(body=f'{{"key": "{_OPENAI_KEY}"}}'),
+        )
+        entry = _log_response(addon, flow)
+        self.assertNotIn(_OPENAI_KEY, entry["body"])
+        self.assertIn("********", entry["body"])
+
+    def test_provisioned_secret_in_response_body_scrubbed(self) -> None:
+        addon = _addon()
+        secret = "provisioned-egress-secret-xyz"
+        flow = _Flow(
+            request=_Request(),
+            response=_Response(body=f'{{"token": "{secret}"}}'),
+        )
+        with patch.dict("os.environ", {"EGRESS_TOKEN_0": secret}):
+            entry = _log_response(addon, flow)
+        self.assertNotIn(secret, entry["body"])
+        self.assertIn("********", entry["body"])
+
+    def test_clean_response_body_preserved(self) -> None:
+        addon = _addon()
+        flow = _Flow(request=_Request(), response=_Response(body='{"result": "ok"}'))
+        entry = _log_response(addon, flow)
+        self.assertEqual('{"result": "ok"}', entry["body"])
+
+
+# ---------------------------------------------------------------------------
+# _log_response — response header value redaction
+# ---------------------------------------------------------------------------
+
+
+class TestLogResponseHeaderValuesRedacted(unittest.TestCase):
+    def test_token_in_response_header_scrubbed(self) -> None:
+        addon = _addon()
+        flow = _Flow(
+            request=_Request(),
+            response=_Response(headers={"set-cookie": f"token={_OPENAI_KEY}"}),
+        )
+        entry = _log_response(addon, flow)
+        cookie_val = entry["headers"].get("set-cookie", "")
+        self.assertNotIn(_OPENAI_KEY, cookie_val)
+        self.assertIn("********", cookie_val)
+
+    def test_clean_response_header_preserved(self) -> None:
+        addon = _addon()
+        flow = _Flow(
+            request=_Request(),
+            response=_Response(headers={"content-type": "application/json"}),
+        )
+        entry = _log_response(addon, flow)
+        self.assertEqual("application/json", entry["headers"]["content-type"])
+
+
+if __name__ == "__main__":
+    unittest.main()