diff options
author | Hervé Beraud <hberaud@redhat.com> | 2022-03-09 14:23:29 +0100 |
---|---|---|
committer | Hervé Beraud <hberaud@redhat.com> | 2022-03-10 16:29:57 +0100 |
commit | 90a504672071d61bdae3206c4764bd3528c165d6 (patch) | |
tree | 57ec60eb7f91b0fa94d06a5f7b3988a3640ff6e8 | |
parent | 5ce8a7f0f8ecec7a85a23ec3d7a7fb1cad14ceba (diff) | |
download | oslo-utils-90a504672071d61bdae3206c4764bd3528c165d6.tar.gz |
Those regexes will fix Object style representation output.
See the payload used in tests for details. This kind
of output can be obtained by using the command:
```
$ openstack --debug
```
Co-Authored-By: Daniel Bengtsson <dbengt@redhat.com>
Change-Id: I9024be93b109d1b64ca736546c0f69db7a5e06d0
(cherry picked from commit de4429f2be5fa21d1f6e1cacbb3c8417a7c56310)
(cherry picked from commit 2c1b0628771695e546b0acb1e3c44c16c0c690db)
-rw-r--r-- | oslo_utils/strutils.py | 2 | ||||
-rw-r--r-- | oslo_utils/tests/test_strutils.py | 11 | ||||
-rw-r--r-- | releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml | 5 |
3 files changed, 18 insertions, 0 deletions
diff --git a/oslo_utils/strutils.py b/oslo_utils/strutils.py index e27a63d..0bb9fc5 100644 --- a/oslo_utils/strutils.py +++ b/oslo_utils/strutils.py @@ -79,6 +79,8 @@ _SANITIZE_PATTERNS_WILDCARD = {} # have two parameters. Use different lists of patterns here. _FORMAT_PATTERNS_1 = [r'(%(key)s[0-9]*\s*[=]\s*)[^\s^\'^\"]+'] _FORMAT_PATTERNS_2 = [r'(%(key)s[0-9]*\s*[=]\s*[\"\'])[^\"\']*([\"\'])', + r'(%(key)s[0-9]*\s*[=]\s*[\"])[^\"]*([\"])', + r'(%(key)s[0-9]*\s*[=]\s*[\'])[^\']*([\'])', r'(%(key)s[0-9]*\s+[\"\'])[^\"\']*([\"\'])', r'([-]{2}%(key)s[0-9]*\s+)[^\'^\"^=^\s]+([\s]*)', r'(<%(key)s[0-9]*>)[^<]*(</%(key)s[0-9]*>)', diff --git a/oslo_utils/tests/test_strutils.py b/oslo_utils/tests/test_strutils.py index ef679ff..12a0990 100644 --- a/oslo_utils/tests/test_strutils.py +++ b/oslo_utils/tests/test_strutils.py @@ -289,6 +289,17 @@ StringToBytesTest.generate_scenarios() class MaskPasswordTestCase(test_base.BaseTestCase): + def test_namespace_objects(self): + payload = """ + Namespace(passcode='', username='', password='my"password', + profile='', verify=None, token='') + """ + expected = """ + Namespace(passcode='', username='', password='***', + profile='', verify=None, token='***') + """ + self.assertEqual(expected, strutils.mask_password(payload)) + def test_sanitize_keys(self): lowered = [k.lower() for k in strutils._SANITIZE_KEYS] diff --git a/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml new file mode 100644 index 0000000..15b3efb --- /dev/null +++ b/releasenotes/notes/mask-password-pattern-c8c880098743de3e.yaml @@ -0,0 +1,5 @@ +--- +security: + - | + This patch ensures that we mask sensitive data when masking password, even + if double quotes are used as password value. |