Merge branch 'MarketSquare:master' into get_response

Author: PaulBrandUWV

.github/release-drafter.yml

@@ -8,11 +8,11 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v1
+      uses: actions/setup-python@v5
       with:
-        python-version: '3.x'
+        python-version: '3.8'
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

.github/workflows/pythonpublish.yml

@@ -116,6 +116,14 @@ class RequestsLibrary(RequestsOnSessionKeywords):
          - https://2.python-requests.org/en/master/user/quickstart/#post-a-multipart-encoded-file
          - https://2.python-requests.org/en/master/user/advanced/#post-multiple-multipart-encoded-files
 
+       = Logging and authentication =
+
+       All request data are logged by default headers included, which means that, sensitive information like passwords
+       or tokens may be present in the Robot Framework output files.
+       For this reason, the ``Authorization`` header is masked in standard logs to protect sensitive data.
+
+       The full value of ``Authorization`` will only be visible if the logging level is set to ``TRACE`` or ``DEBUG``.
+
     """
 
     __version__ = VERSION

.github/workflows/release-drafter.yml

@@ -5,6 +5,7 @@
 from RequestsLibrary.utils import is_file_descriptor
 
 LOG_CHAR_LIMIT = 10000
+AUTHORIZATION = 'Authorization'
 
 
 def log_response(response):
@@ -24,11 +25,14 @@ def log_request(response):
     else:
         original_request = request
         redirected = ""
+    safe_headers = dict(original_request.headers)
+    if logger.LOGLEVEL not in ['TRACE', 'DEBUG'] and AUTHORIZATION in safe_headers:
+        safe_headers[AUTHORIZATION] = '*****'
     logger.info(
         "%s Request : " % original_request.method.upper()
         + "url=%s %s\n " % (original_request.url, redirected)
         + "path_url=%s \n " % original_request.path_url
-        + "headers=%s \n " % original_request.headers
+        + "headers=%s \n " % safe_headers
         + "body=%s \n " % format_data_to_log_string(original_request.body)
     )
 

doc/RequestsLibrary.html

@@ -1 +1 @@
-VERSION = "1.0a11"
+VERSION = "1.0a12"

src/RequestsLibrary/__init__.py

@@ -1,5 +1,6 @@
 import json
 import os
+import pytest
 
 from requests import Request
 
@@ -60,6 +61,71 @@ def test_log_request(mocked_logger):
                                                   "body=%s \n " % request.body)
 
 
+@mock.patch('RequestsLibrary.log.logger')
+def test_log_request_with_headers(mocked_logger):
+    headers = {'User-Agent': 'python-requests/2.31.0',
+               'Accept-Encoding': 'gzip, deflate',
+               'Accept': '*/*',
+               'Connection': 'keep-alive'}
+    request = Request(method='get', url='http://mock.rulezz', headers=headers)
+    request = request.prepare()
+    response = mock.MagicMock()
+    response.history = []
+    response.request = request
+    log_request(response)
+    assert mocked_logger.info.call_args[0][0] == ("%s Request : " % request.method +
+                                                  "url=%s \n " % request.url +
+                                                  "path_url=%s \n " % request.path_url +
+                                                  "headers=%s \n " % request.headers +
+                                                  "body=%s \n " % request.body)
+
+
+@pytest.mark.parametrize('log_level', ['INFO', 'CONSOLE', 'HTML', 'WARN', 'ERROR'])
+@mock.patch('RequestsLibrary.log.logger')
+def test_log_request_with_headers_auth_with_no_debug_trace_logger(mocked_logger, log_level):
+    mocked_logger.LOGLEVEL = log_level
+    headers = {'User-Agent': 'python-requests/2.31.0',
+               'Accept-Encoding': 'gzip, deflate',
+               'Accept': '*/*',
+               'Connection': 'keep-alive',
+               'Authorization': 'some_token'}
+    safe_headers = dict(headers)
+    safe_headers['Authorization'] = '*****'
+    request = Request(method='get', url='http://mock.rulezz', headers=headers)
+    request = request.prepare()
+    response = mock.MagicMock()
+    response.history = []
+    response.request = request
+    log_request(response)
+    assert mocked_logger.info.call_args[0][0] == ("%s Request : " % request.method +
+                                                  "url=%s \n " % request.url +
+                                                  "path_url=%s \n " % request.path_url +
+                                                  "headers=%s \n " % safe_headers +
+                                                  "body=%s \n " % request.body)
+
+
+@pytest.mark.parametrize('log_level', ['DEBUG', 'TRACE'])
+@mock.patch('RequestsLibrary.log.logger')
+def test_log_request_with_headers_auth_with_debug_trace_logger(mocked_logger, log_level):
+    headers = {'User-Agent': 'python-requests/2.31.0',
+               'Accept-Encoding': 'gzip, deflate',
+               'Accept': '*/*',
+               'Connection': 'keep-alive',
+               'Authorization': 'some_token'}
+    mocked_logger.LOGLEVEL = log_level
+    request = Request(method='get', url='http://mock.rulezz', headers=headers)
+    request = request.prepare()
+    response = mock.MagicMock()
+    response.history = []
+    response.request = request
+    log_request(response)
+    assert mocked_logger.info.call_args[0][0] == ("%s Request : " % request.method +
+                                                  "url=%s \n " % request.url +
+                                                  "path_url=%s \n " % request.path_url +
+                                                  "headers=%s \n " % request.headers +
+                                                  "body=%s \n " % request.body)
+
+
 @mock.patch('RequestsLibrary.log.logger')
 def test_log_request_with_redirect(mocked_logger):
     request = Request(method='get', url='http://mock.rulezz/redirected')