synapse-product/synapse/http
Eric Eastwood db868db594
Fix access token leak to logs from proxyagent (#13855)
This can happen specifically with an application service `/transactions/10722?access_token=leaked` request

Fix https://github.com/matrix-org/synapse/issues/13010

---

Saw an example leak in https://github.com/matrix-org/synapse/issues/13423#issuecomment-1205348482

```
2022-08-04 14:47:57,925 - synapse.http.client - 401 - DEBUG - as-sender-signal-1 - Sending request PUT http://localhost:29328/transactions/10722?access_token=<redacted>
2022-08-04 14:47:57,926 - synapse.http.proxyagent - 223 - DEBUG - as-sender-signal-1 - Requesting b'http://localhost:29328/transactions/10722?access_token=leaked' via <HostnameEndpoint localhost:29328>
```
2022-09-23 11:49:39 -05:00
..
federation Reduce the number of "untyped defs" (#12716) 2022-05-12 14:33:50 +00:00
__init__.py Add missing type hints to synapse.http. (#11571) 2021-12-14 07:00:47 -05:00
additional_resource.py Add missing type hints to synapse.http. (#11571) 2021-12-14 07:00:47 -05:00
client.py Reduce the number of "untyped defs" (#12716) 2022-05-12 14:33:50 +00:00
connectproxyclient.py Another batch of type annotations (#12726) 2022-05-13 12:35:31 +01:00
matrixfederationclient.py Validate federation destinations and log an error if server name is invalid. (#13318) 2022-07-20 11:17:26 -07:00
proxyagent.py Fix access token leak to logs from proxyagent (#13855) 2022-09-23 11:49:39 -05:00
request_metrics.py Reduce the number of "untyped defs" (#12716) 2022-05-12 14:33:50 +00:00
server.py Generalise the @cancellable annotation so it can be used on functions other than just servlet methods. (#13662) 2022-08-31 11:16:05 +00:00
servlet.py A second batch of Pydantic models for rest/client/account.py (#13687) 2022-09-07 12:16:10 +01:00
site.py Be able to correlate timeouts in reverse-proxy layer in front of Synapse (pull request ID from header) (#13801) 2022-09-15 15:32:25 -05:00
types.py Unify HTTP query parameter type hints (#12415) 2022-04-08 13:06:51 +01:00