summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHervé Beraud <hberaud@redhat.com>2022-03-09 14:23:29 +0100
committerHervé Beraud <herveberaud.pro@gmail.com>2022-03-10 20:48:07 +0000
commita38b56a6f9438d256d6e0f9b03181015f2b27d8c (patch)
tree99721f25e40213e03653649a8ce617bf65977cf5
parent4cc3a558244769017ed5d8c3a6e4a63429d1e8e9 (diff)
downloadoslo-utils-a38b56a6f9438d256d6e0f9b03181015f2b27d8c.tar.gz
fix strutils password regexwallaby-em4.8.2
Those regexes will fix Object style representation output. See the payload used in tests for details. This kind of output can be obtained by using the command: ``` $ openstack --debug ``` Co-Authored-By: Daniel Bengtsson <dbengt@redhat.com> Change-Id: I9024be93b109d1b64ca736546c0f69db7a5e06d0 (cherry picked from commit de4429f2be5fa21d1f6e1cacbb3c8417a7c56310) (cherry picked from commit 2c1b0628771695e546b0acb1e3c44c16c0c690db) (cherry picked from commit 90a504672071d61bdae3206c4764bd3528c165d6)
-rw-r--r--oslo_utils/strutils.py2
-rw-r--r--oslo_utils/tests/test_strutils.py11
-rw-r--r--releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml5
3 files changed, 18 insertions, 0 deletions
diff --git a/oslo_utils/strutils.py b/oslo_utils/strutils.py
index 1a3e8d1..e721fb9 100644
--- a/oslo_utils/strutils.py
+++ b/oslo_utils/strutils.py
@@ -79,6 +79,8 @@ _SANITIZE_PATTERNS_WILDCARD = {}
# have two parameters. Use different lists of patterns here.
_FORMAT_PATTERNS_1 = [r'(%(key)s[0-9]*\s*[=]\s*)[^\s^\'^\"]+']
_FORMAT_PATTERNS_2 = [r'(%(key)s[0-9]*\s*[=]\s*[\"\'])[^\"\']*([\"\'])',
+ r'(%(key)s[0-9]*\s*[=]\s*[\"])[^\"]*([\"])',
+ r'(%(key)s[0-9]*\s*[=]\s*[\'])[^\']*([\'])',
r'(%(key)s[0-9]*\s+[\"\'])[^\"\']*([\"\'])',
r'([-]{2}%(key)s[0-9]*\s+)[^\'^\"^=^\s]+([\s]*)',
r'(<%(key)s[0-9]*>)[^<]*(</%(key)s[0-9]*>)',
diff --git a/oslo_utils/tests/test_strutils.py b/oslo_utils/tests/test_strutils.py
index 34e1b47..2d6fa70 100644
--- a/oslo_utils/tests/test_strutils.py
+++ b/oslo_utils/tests/test_strutils.py
@@ -291,6 +291,17 @@ StringToBytesTest.generate_scenarios()
class MaskPasswordTestCase(test_base.BaseTestCase):
+ def test_namespace_objects(self):
+ payload = """
+ Namespace(passcode='', username='', password='my"password',
+ profile='', verify=None, token='')
+ """
+ expected = """
+ Namespace(passcode='', username='', password='***',
+ profile='', verify=None, token='***')
+ """
+ self.assertEqual(expected, strutils.mask_password(payload))
+
def test_sanitize_keys(self):
lowered = [k.lower() for k in strutils._SANITIZE_KEYS]
diff --git a/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml
new file mode 100644
index 0000000..15b3efb
--- /dev/null
+++ b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml
@@ -0,0 +1,5 @@
+---
+security:
+ - |
+ This patch ensures that we mask sensitive data when masking password, even
+ if double quotes are used as password value.