From f60bae83d09d022280eeea595b33d4b9142516c6 Mon Sep 17 00:00:00 2001
From: Tim Burke <tim.burke@gmail.com>
Date: Tue, 9 Oct 2018 14:24:22 -0700
Subject: [PATCH] Secure logging by default

As an application developer, you might expect to be able to turn on
debug logging at the root logger with something like

    logging.basicConfig(level=logging.DEBUG)

However, if the application needed to fetch any secrets from a KMIP
server, these previously would be logged as part of the wire protocol.
Further, any passwords in configs would also get logged at DEBUG.
Applications would need to proactively silence such logging, as in
https://github.com/openstack/swift/commit/12b6d46

Now, we will default the logger level to INFO to suppress the debug
logging. However, seeing the on-wire data may still be useful, for
example when developing a new KMIP server. So, allow developers to
consciously set the logger level to DEBUG.
---
 kmip/core/config_helper.py            | 4 ++++
 kmip/services/server/kmip_protocol.py | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/kmip/core/config_helper.py b/kmip/core/config_helper.py
index 38754cc..1b167f0 100644
--- a/kmip/core/config_helper.py
+++ b/kmip/core/config_helper.py
@@ -47,6 +47,10 @@ class ConfigHelper(object):
 
     def __init__(self, path=None):
         self.logger = logging.getLogger(__name__)
+        # DEBUG logging here may expose passwords, so log at INFO by default.
+        # However, if consumers know the risks, let them go ahead and override.
+        if self.logger.level == logging.NOTSET:
+            self.logger.setLevel(logging.INFO)
 
         self.conf = SafeConfigParser()
 
diff --git a/kmip/services/server/kmip_protocol.py b/kmip/services/server/kmip_protocol.py
index 0be8a41..0a0c168 100644
--- a/kmip/services/server/kmip_protocol.py
+++ b/kmip/services/server/kmip_protocol.py
@@ -27,6 +27,10 @@ class KMIPProtocol(object):
     def __init__(self, socket, buffer_size=1024):
         self.socket = socket
         self.logger = logging.getLogger(__name__)
+        # DEBUG logging here may expose secrets, so log at INFO by default.
+        # However, if consumers know the risks, let them go ahead and override.
+        if self.logger.level == logging.NOTSET:
+            self.logger.setLevel(logging.INFO)
 
     def write(self, data):
         if len(data) > 0: