diff options
| author | Hervé Beraud <hberaud@redhat.com> | 2022-03-09 14:23:29 +0100 |
|---|---|---|
| committer | Hervé Beraud <hberaud@redhat.com> | 2022-03-10 15:58:01 +0100 |
| commit | 2c1b0628771695e546b0acb1e3c44c16c0c690db (patch) | |
| tree | 5b15a42339c02c91046822e2007d10add155d74a | |
| parent | eb0c50a45e240fba54f16c1fc76c2d442df3e678 (diff) | |
| download | oslo-utils-2c1b0628771695e546b0acb1e3c44c16c0c690db.tar.gz | |
fix strutils password regex4.12.3
Those regexes will fix Object style representation output.
See the payload used in tests for details. This kind
of output can be obtained by using the command:
```
$ openstack --debug
```
Co-Authored-By: Daniel Bengtsson <dbengt@redhat.com>
Change-Id: I9024be93b109d1b64ca736546c0f69db7a5e06d0
(cherry picked from commit de4429f2be5fa21d1f6e1cacbb3c8417a7c56310)
| -rw-r--r-- | oslo_utils/strutils.py | 2 | ||||
| -rw-r--r-- | oslo_utils/tests/test_strutils.py | 11 | ||||
| -rw-r--r-- | releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml | 5 |
3 files changed, 18 insertions, 0 deletions
diff --git a/oslo_utils/strutils.py b/oslo_utils/strutils.py index e27a63d..0bb9fc5 100644 --- a/oslo_utils/strutils.py +++ b/oslo_utils/strutils.py @@ -79,6 +79,8 @@ _SANITIZE_PATTERNS_WILDCARD = {} # have two parameters. Use different lists of patterns here. _FORMAT_PATTERNS_1 = [r'(%(key)s[0-9]*\s*[=]\s*)[^\s^\'^\"]+'] _FORMAT_PATTERNS_2 = [r'(%(key)s[0-9]*\s*[=]\s*[\"\'])[^\"\']*([\"\'])', + r'(%(key)s[0-9]*\s*[=]\s*[\"])[^\"]*([\"])', + r'(%(key)s[0-9]*\s*[=]\s*[\'])[^\']*([\'])', r'(%(key)s[0-9]*\s+[\"\'])[^\"\']*([\"\'])', r'([-]{2}%(key)s[0-9]*\s+)[^\'^\"^=^\s]+([\s]*)', r'(<%(key)s[0-9]*>)[^<]*(</%(key)s[0-9]*>)', diff --git a/oslo_utils/tests/test_strutils.py b/oslo_utils/tests/test_strutils.py index ef679ff..12a0990 100644 --- a/oslo_utils/tests/test_strutils.py +++ b/oslo_utils/tests/test_strutils.py @@ -289,6 +289,17 @@ StringToBytesTest.generate_scenarios() class MaskPasswordTestCase(test_base.BaseTestCase): + def test_namespace_objects(self): + payload = """ + Namespace(passcode='', username='', password='my"password', + profile='', verify=None, token='') + """ + expected = """ + Namespace(passcode='', username='', password='***', + profile='', verify=None, token='***') + """ + self.assertEqual(expected, strutils.mask_password(payload)) + def test_sanitize_keys(self): lowered = [k.lower() for k in strutils._SANITIZE_KEYS] diff --git a/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml new file mode 100644 index 0000000..15b3efb --- /dev/null +++ b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml @@ -0,0 +1,5 @@ +--- +security: + - | + This patch ensures that we mask sensitive data when masking password, even + if double quotes are used as password value. |