Fix access token leak to logs from proxyagent

Saw that an example leak in #13423 (comment) ``` 2022-08-04 14:47:57,925 - synapse.http.client - 401 - DEBUG - as-sender-signal-1 - Sending request PUT http://localhost:29328/transactions/10722?access_token=<redacted> 2022-08-04 14:47:57,926 - synapse.http.proxyagent - 223 - DEBUG - as-sender-signal-1 - Requesting b'http://localhost:29328/transactions/10722?access_token=leaked' via <HostnameEndpoint localhost:29328> ```
matrix-org · Sep 20, 2022 · a5eb7f9 · a5eb7f9
1 parent 2b522cc
commit a5eb7f9
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/synapse/http/proxyagent.py b/synapse/http/proxyagent.py
@@ -36,6 +36,7 @@
 from twisted.web.http_headers import Headers
 from twisted.web.iweb import IAgent, IBodyProducer, IPolicyForHTTPS
 
+from synapse.http import redact_uri
 from synapse.http.connectproxyclient import HTTPConnectProxyEndpoint, ProxyCredentials
 from synapse.types import ISynapseReactor
 
@@ -220,7 +221,7 @@ def request(
                 self._reactor, parsed_uri.host, parsed_uri.port, **self._endpoint_kwargs
             )
 
-        logger.debug("Requesting %s via %s", uri, endpoint)
+        logger.debug("Requesting %s via %s", redact_uri(uri), endpoint)
 
         if parsed_uri.scheme == b"https":
             tls_connection_creator = self._policy_for_https.creatorForNetloc(