532: fixes logic so filter checks the logger record level, updates tests

Jacques Troussard · Jacques Troussard · commit 103d28c69d77 · 2024-03-23T17:47:35.000-04:00
diff --git a/requests_oauthlib/log_filters.py b/requests_oauthlib/log_filters.py
@@ -2,22 +2,42 @@
 import re
 import logging
 
-class DebugModeTokenFilter(logging.Filter): # <-- inherent from the Filter class
+class DebugModeTokenFilter(logging.Filter):
+    """
+    A logging filter that while in DEBUG mode can filter TOKENS dependent on configuration.
+
+    This filter uses an environment variable to determine its mode, 
+    which can either mask sensitive tokens in log messages, suppress logging, 
+    or default to standard logging behavior with a warning.
+
+    Attributes:
+        mode (str): The mode of operation based on the environment variable
+                    'DEBUG_MODE_TOKEN_FILTER'. Can be 'MASK', 'SUPPRESS', or 'DEFAULT'.
+    """
     def __init__(self):
+        """
+        Initializes the DebugModeTokenFilter with the 'DEBUG_MODE_TOKEN_FILTER'
+        environment variable.
+        """
         super().__init__()
-        # set the behavior/configuration of the filter by the environment variable 
         self.mode = os.getenv('DEBUG_MODE_TOKEN_FILTER', 'DEFAULT').upper() 
 
     def filter(self, record):
-        if self.mode == "MASK":
-            # While this doesn't directly target the headers as @erlendvollset 's post originally targets
-            # this wider approach of targeting the "Bearer" key word I believe provides complete coverage.
-            # However I would still recommend some more research to see if this regex would need to be improved
-            # to provide a secure/trusted solution.
-            record.msg = re.sub(r'Bearer (\w+)', '[MASKED]', record.getMessage())
-        elif self.mode == "SUPPRESS":
-            return False
-        elif self.mode == "DEFAULT":
-            msg = "Your logger, when in DEBUG mode, will log TOKENS"
-            raise Warning(msg)
-        return True
+        """
+        Filters logs of TOKENS dependent on the configured mode.
+
+        Args:
+            record (logging.LogRecord): The log record to filter.
+
+        Returns:
+            bool: True if the record should be logged, False otherwise.
+        """
+        if record.levelno == logging.DEBUG:
+            if self.mode == "MASK":
+                record.msg = re.sub(r'Bearer (\w+)', '[MASKED]', record.getMessage())
+            elif self.mode == "SUPPRESS":
+                return False
+            elif self.mode == "DEFAULT":
+                msg = "Your logger, when in DEBUG mode, will log TOKENS"
+                raise Warning(msg)
+            return True
diff --git a/tests/test_log_filters.py b/tests/test_log_filters.py
@@ -1,12 +1,12 @@
 import unittest
 from unittest.mock import patch
-from logging import LogRecord
+import logging
 from requests_oauthlib.log_filters import DebugModeTokenFilter
 
 class TestDebugModeTokenFilter(unittest.TestCase):
 
     def setUp(self):
-        self.record = LogRecord(name="test", level=20, pathname=None, lineno=None, msg="Bearer i-am-a-token", args=None, exc_info=None)
+        self.record = logging.LogRecord(name="test", level=logging.DEBUG, pathname=None, lineno=None, msg="Bearer i-am-a-little-token-here-is-my-scope-and-here-is-my-signature", args=None, exc_info=None)
 
     @patch.dict('os.environ', {'DEBUG_MODE_TOKEN_FILTER': 'MASK'})
     def test_mask_mode(self):
@@ -18,10 +18,10 @@ def test_mask_mode(self):
     def test_suppress_mode(self):
         filter = DebugModeTokenFilter()
         result = filter.filter(self.record)
-        self.assertFalse(result) # Check that nothing is logged
+        self.assertFalse(result) # No logging
 
     @patch.dict('os.environ', {'DEBUG_MODE_TOKEN_FILTER': 'DEFAULT'})
-    def test_default_mode(self):
+    def test_default_mode_raises_warning(self):
         filter = DebugModeTokenFilter()
         with self.assertRaises(Warning) as context:
             filter.filter(self.record)
