MP-432 fix settings

muehlemann-popp · Sep 15, 2023 · 183dd58 · 183dd58
1 parent e76679f
commit 183dd58
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 47 deletions.
diff --git a/README.md b/README.md
@@ -119,7 +119,7 @@ These are the settings that can be customized for the middleware:
 - `LOG_MAX_DEPTH`: Maximum depth for data to be logged. Default is `4`.
 
 Note:
-- All settings are imported from `django_google_structured_logger.settings`.
+- All settings are imported from `django_google_structured_logger.constants`.
 
 
 ### Other Notes:

diff --git a/django_google_structured_logger/constants.py b/django_google_structured_logger/constants.py
@@ -0,0 +1,43 @@
+DEFAULT_SENSITIVE_KEYS = [
+    "^password$",
+    ".*secret.*",
+    ".*token.*",
+    ".*key.*",
+    ".*pass.*",
+    ".*auth.*",
+    "^Bearer.*",
+    ".*ssn.*",  # Social Security Number (or equivalent in some countries)
+    ".*credit.*card.*",  # Credit card numbers
+    ".*cvv.*",  # CVV code for credit cards
+    ".*dob.*",  # Date of Birth
+    ".*pin.*",  # Personal Identification Numbers
+    ".*salt.*",  # Salts used in cryptography
+    ".*encrypt.*",  # Encryption keys or related values
+    ".*api.*",  # API keys
+    ".*jwt.*",  # JSON Web Tokens
+    ".*session.*id.*",  # Session Identifiers
+    "^Authorization$",  # Authorization headers
+    ".*user.*name.*",  # Usernames (can sometimes be used in combination with other data for malicious purposes)
+    ".*address.*",  # Physical or email addresses
+    ".*phone.*",  # Phone numbers
+    "^otp.*",  # One-Time Passwords or related values
+]
+
+DEFAULT_SENSITIVE_HEADERS = [
+    "Authorization",  # Tokens and credentials
+    "Cookie",  # User session identifiers
+    "Set-Cookie",  # Server set session identifiers
+    "X-API-Key",  # API keys
+    "X-CSRFToken",  # CSRF tokens
+    "Proxy-Authorization",  # Credentials for a proxy connection
+    "If-None-Match",  # Can be used for cache fingerprinting
+    "Server",  # Can reveal specifics about the server
+    "WWW-Authenticate",  # Authentication method details
+    "X-Correlation-ID",  # Correlation IDs for logging
+    "X-Frame-Options",  # Security-related header
+    "Strict-Transport-Security",  # Security-related header
+    "X-XSS-Protection",  # Security-related header
+    "X-Content-Type-Options",  # Security-related header
+    "X-Download-Options",  # Security-related header
+    "X-Permitted-Cross-Domain-Policies",  # Security-related header
+]
diff --git a/django_google_structured_logger/settings.py b/django_google_structured_logger/settings.py
@@ -1,58 +1,14 @@
 from django.conf import settings
 
-DEFAULT_SENSITIVE_KEYS = [
-    "^password$",
-    ".*secret.*",
-    ".*token.*",
-    ".*key.*",
-    ".*pass.*",
-    ".*auth.*",
-    "^Bearer.*",
-    ".*ssn.*",  # Social Security Number (or equivalent in some countries)
-    ".*credit.*card.*",  # Credit card numbers
-    ".*cvv.*",  # CVV code for credit cards
-    ".*dob.*",  # Date of Birth
-    ".*pin.*",  # Personal Identification Numbers
-    ".*salt.*",  # Salts used in cryptography
-    ".*encrypt.*",  # Encryption keys or related values
-    ".*api.*",  # API keys
-    ".*jwt.*",  # JSON Web Tokens
-    ".*session.*id.*",  # Session Identifiers
-    "^Authorization$",  # Authorization headers
-    ".*user.*name.*",  # Usernames (can sometimes be used in combination with other data for malicious purposes)
-    ".*address.*",  # Physical or email addresses
-    ".*phone.*",  # Phone numbers
-    "^otp.*",  # One-Time Passwords or related values
-]
-
-DEFAULT_SENSITIVE_HEADERS = [
-    "Authorization",  # Tokens and credentials
-    "Cookie",  # User session identifiers
-    "Set-Cookie",  # Server set session identifiers
-    "X-API-Key",  # API keys
-    "X-CSRFToken",  # CSRF tokens
-    "Proxy-Authorization",  # Credentials for a proxy connection
-    "If-None-Match",  # Can be used for cache fingerprinting
-    "Server",  # Can reveal specifics about the server
-    "WWW-Authenticate",  # Authentication method details
-    "X-Correlation-ID",  # Correlation IDs for logging
-    "X-Frame-Options",  # Security-related header
-    "Strict-Transport-Security",  # Security-related header
-    "X-XSS-Protection",  # Security-related header
-    "X-Content-Type-Options",  # Security-related header
-    "X-Download-Options",  # Security-related header
-    "X-Permitted-Cross-Domain-Policies",  # Security-related header
-]
+from django_google_structured_logger.constants import DEFAULT_SENSITIVE_HEADERS, DEFAULT_SENSITIVE_KEYS
 
 LOG_MAX_STR_LEN = getattr(settings, "LOG_MAX_STR_LEN", 200)
 LOG_MAX_LIST_LEN = getattr(settings, "LOG_MAX_LIST_LEN", 10)
 LOG_EXCLUDED_ENDPOINTS = getattr(settings, "LOG_EXCLUDED_ENDPOINTS", [])
 LOG_SENSITIVE_KEYS = getattr(settings, "LOG_SENSITIVE_KEYS", DEFAULT_SENSITIVE_KEYS)
 LOG_MASK_STYLE = getattr(settings, "LOG_MASK_STYLE", "partial")
 LOG_MIDDLEWARE_ENABLED = getattr(settings, "LOG_MIDDLEWARE_ENABLED", True)
-LOG_EXCLUDED_HEADERS = getattr(
-    settings, "LOG_EXCLUDED_HEADERS", DEFAULT_SENSITIVE_HEADERS
-)
+LOG_EXCLUDED_HEADERS = getattr(settings, "LOG_EXCLUDED_HEADERS", DEFAULT_SENSITIVE_HEADERS)
 LOG_USER_ID_FIELD = getattr(settings, "LOG_USER_ID_FIELD", "id")
 LOG_USER_DISPLAY_FIELD = getattr(settings, "LOG_USER_DISPLAY_FIELD", "email")
 LOG_MAX_DEPTH = getattr(settings, "LOG_MAX_DEPTH", 4)
diff --git a/pyproject.toml b/pyproject.toml
@@ -32,3 +32,26 @@ pretty = true
 profile = "black"
 line_length = 120
 skip_glob = ["**/migrations/*.py"]
+
+[tool.black]
+line-length = 120
+target-version = ['py38']
+exclude = '''
+(
+  /(
+      \.eggs         # exclude a few common directories in the
+    | \.git          # root of the project
+    | \.hg
+    | \.mypy_cache
+    | \.tox
+    | \.venv
+    | _build
+    | buck-out
+    | build
+    | dist
+    | venv
+    | migrations
+    | \.exports
+  )/
+)
+'''