edx_django_utils.logging.internal package

Submodules

edx_django_utils.logging.internal.filters module

Django-based logging filters

class edx_django_utils.logging.internal.filters.RemoteIpFilter(name='')

Bases: logging.Filter

A logging filter that adds the remote IP to the logging context

filter(record)

Determine if the specified record is to be logged.

Is the specified record to be logged? Returns 0 for no, nonzero for yes. If deemed appropriate, the record may be modified in-place.

class edx_django_utils.logging.internal.filters.UserIdFilter(name='')

Bases: logging.Filter

A logging filter that adds userid to the logging context

filter(record)

Determine if the specified record is to be logged.

Is the specified record to be logged? Returns 0 for no, nonzero for yes. If deemed appropriate, the record may be modified in-place.

edx_django_utils.logging.internal.log_sensitive module

Utilities for logging sensitive debug information such as authentication tokens.

Usage:

1. Generate keys using log-sensitive gen-keys

2. Follow the instructions it prints out, and pay close attention to the warning at the end of the output

3. When logging sensitive information, use like so:

   logger.info(
       "Received invalid auth token %s in Authorization header",
       encrypt_for_log(token, getattr(settings, 'YOUR_DEBUG_PUBLIC_KEY', None))
   )
   

   This will log a message like:

   Received invalid auth token [encrypted: ZXI...fFo=|IYS...1KA==] in Authorization header
   

4. If you need to decrypt one of these messages, save the encrypted portion to file, retrieve the securely held private key, and run log-sensitive decrypt --help for instructions.

edx_django_utils.logging.internal.log_sensitive.decrypt_log_message(encrypted_message, reader_private_key_b64)

Decrypt a message using the private key that has been stored somewhere secure and not on the server.

edx_django_utils.logging.internal.log_sensitive.encrypt_for_log(message, reader_public_key_b64)

Encrypt a message so that it can be logged using the given public key, but only read by someone possessing the matching private key. The public key is provided in base64.

A separate keypair should be used for each recipient or purpose.

Returns a string <sender public key> “|” <ciphertext> wrapped in some framing text “[encrypted: …]”; the inner string can be decrypted with decrypt_log_message.

For ease of use, key may be None or empty; a warning message will be returned instead of data, encrypted or otherwise.

edx_django_utils.logging.internal.log_sensitive.generate_reader_keys()

Utility method for generating a public/private keypair for use with these logging functions.

Module contents