From 09503126df928d42e7932394b1cbefa4662bd212 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Sat, 2 Jun 2018 23:25:13 +0100
Subject: [PATCH] Strip `access_token` from outgoing requests using existing
 regex

---
 synapse/http/client.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/synapse/http/client.py b/synapse/http/client.py
index 4d4eee3d64..89db33453b 100644
--- a/synapse/http/client.py
+++ b/synapse/http/client.py
@@ -20,6 +20,7 @@ from synapse.api.errors import (
     CodeMessageException, MatrixCodeMessageException, SynapseError, Codes,
 )
 from synapse.http import cancelled_to_request_timed_out_error
+from synapse.http.site import ACCESS_TOKEN_RE
 from synapse.util.async import add_timeout_to_deferred
 from synapse.util.caches import CACHE_SIZE_FACTOR
 from synapse.util.logcontext import make_deferred_yieldable
@@ -90,7 +91,11 @@ class SimpleHttpClient(object):
         # counters to it
         outgoing_requests_counter.labels(method).inc()
 
-        logger.info("Sending request %s %s", method, uri)
+        # log request but strip `access_token` (AS requests for example include this)
+        logger.info("Sending request %s %s", method, ACCESS_TOKEN_RE.sub(
+            r'\1<redacted>\3',
+            uri
+        ))
 
         try:
             request_deferred = self.agent.request(