diff options
| author | Hervé Beraud <hberaud@redhat.com> | 2022-03-09 14:23:29 +0100 |
|---|---|---|
| committer | Hervé Beraud <herveberaud.pro@gmail.com> | 2022-03-11 15:08:43 +0000 |
| commit | 1656a00d410374bb5a0e4df7e6f7b7ce3433c608 (patch) | |
| tree | 350a8e7f757843bbaadabee40e34f7de1224d039 | |
| parent | 65aa4226d4bf286468da6df6759e364c1eb3e049 (diff) | |
| download | oslo-utils-stable/victoria.tar.gz | |
fix strutils password regexstable/victoria
Those regexes will fix Object style representation output.
See the payload used in tests for details. This kind
of output can be obtained by using the command:
```
$ openstack --debug
```
Co-Authored-By: Daniel Bengtsson <dbengt@redhat.com>
Change-Id: I9024be93b109d1b64ca736546c0f69db7a5e06d0
(cherry picked from commit de4429f2be5fa21d1f6e1cacbb3c8417a7c56310)
(cherry picked from commit 2c1b0628771695e546b0acb1e3c44c16c0c690db)
(cherry picked from commit 90a504672071d61bdae3206c4764bd3528c165d6)
(cherry picked from commit a38b56a6f9438d256d6e0f9b03181015f2b27d8c)
| -rw-r--r-- | oslo_utils/strutils.py | 2 | ||||
| -rw-r--r-- | oslo_utils/tests/test_strutils.py | 11 | ||||
| -rw-r--r-- | releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml | 5 |
3 files changed, 18 insertions, 0 deletions
diff --git a/oslo_utils/strutils.py b/oslo_utils/strutils.py index 4b75613..0ccc0ce 100644 --- a/oslo_utils/strutils.py +++ b/oslo_utils/strutils.py @@ -80,6 +80,8 @@ _SANITIZE_PATTERNS_WILDCARD = {} # have two parameters. Use different lists of patterns here. _FORMAT_PATTERNS_1 = [r'(%(key)s[0-9]*\s*[=]\s*)[^\s^\'^\"]+'] _FORMAT_PATTERNS_2 = [r'(%(key)s[0-9]*\s*[=]\s*[\"\'])[^\"\']*([\"\'])', + r'(%(key)s[0-9]*\s*[=]\s*[\"])[^\"]*([\"])', + r'(%(key)s[0-9]*\s*[=]\s*[\'])[^\']*([\'])', r'(%(key)s[0-9]*\s+[\"\'])[^\"\']*([\"\'])', r'([-]{2}%(key)s[0-9]*\s+)[^\'^\"^=^\s]+([\s]*)', r'(<%(key)s[0-9]*>)[^<]*(</%(key)s[0-9]*>)', diff --git a/oslo_utils/tests/test_strutils.py b/oslo_utils/tests/test_strutils.py index 8c7c6f6..5a4591c 100644 --- a/oslo_utils/tests/test_strutils.py +++ b/oslo_utils/tests/test_strutils.py @@ -297,6 +297,17 @@ StringToBytesTest.generate_scenarios() class MaskPasswordTestCase(test_base.BaseTestCase): + def test_namespace_objects(self): + payload = """ + Namespace(passcode='', username='', password='my"password', + profile='', verify=None, token='') + """ + expected = """ + Namespace(passcode='', username='', password='***', + profile='', verify=None, token='***') + """ + self.assertEqual(expected, strutils.mask_password(payload)) + def test_sanitize_keys(self): lowered = [k.lower() for k in strutils._SANITIZE_KEYS] diff --git a/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml new file mode 100644 index 0000000..15b3efb --- /dev/null +++ b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml @@ -0,0 +1,5 @@ +--- +security: + - | + This patch ensures that we mask sensitive data when masking password, even + if double quotes are used as password value. |