-rw-r--r-- | oslo_utils/strutils.py | 12 | ||||
-rw-r--r-- | oslo_utils/tests/test_strutils.py | 6 |
2 files changed, 12 insertions, 6 deletions
diff --git a/oslo_utils/strutils.py b/oslo_utils/strutils.py index 40c45dd..6295bde 100644 --- a/oslo_utils/strutils.py +++ b/oslo_utils/strutils.py @@ -55,7 +55,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+") # NOTE(flaper87): The following globals are used by `mask_password` and -# `mask_dict_password` +# `mask_dict_password`. They must all be lowercase. _SANITIZE_KEYS = ['adminpass', 'admin_pass', 'password', 'admin_password', 'auth_token', 'new_pass', 'auth_password', 'secret_uuid', 'secret', 'sys_pswd', 'token', 'configdrive', @@ -83,11 +83,11 @@ _FORMAT_PATTERNS_2 = [r'(%(key)s[0-9]*\s*[=]\s*[\"\'])[^\"\']*([\"\'])', r'([-]{2}%(key)s[0-9]*\s+)[^\'^\"^=^\s]+([\s]*)', r'(<%(key)s[0-9]*>)[^<]*(</%(key)s[0-9]*>)', r'([\"\']%(key)s[0-9]*[\"\']\s*:\s*[\"\'])[^\"\']*' - '([\"\'])', + r'([\"\'])', r'([\'"][^"\']*%(key)s[0-9]*[\'"]\s*:\s*u?[\'"])[^\"\']*' - '([\'"])', + r'([\'"])', r'([\'"][^\'"]*%(key)s[0-9]*[\'"]\s*,\s*\'--?[A-z]+' - '\'\s*,\s*u?[\'"])[^\"\']*([\'"])', + r'\'\s*,\s*u?[\'"])[^\"\']*([\'"])', r'(%(key)s[0-9]*\s*--?[A-z]+\s*)\S+(\s*)'] # NOTE(dhellmann): Keep a separate list of patterns by key so we only @@ -337,7 +337,7 @@ def mask_password(message, secret="***"): # nosec # specified in _SANITIZE_KEYS, if not then just return the message since # we don't have to mask any passwords. for key in _SANITIZE_KEYS: - if key.lower() in message.lower(): + if key in message.lower(): for pattern in _SANITIZE_PATTERNS_2[key]: message = re.sub(pattern, substitute2, message) for pattern in _SANITIZE_PATTERNS_1[key]: @@ -413,7 +413,7 @@ def mask_dict_password(dictionary, secret="***"): # nosec k_matched = False if isinstance(k, six.string_types): for sani_key in _SANITIZE_KEYS: - if sani_key.lower() in k.lower(): + if sani_key in k.lower(): out[k] = secret k_matched = True break diff --git a/oslo_utils/tests/test_strutils.py b/oslo_utils/tests/test_strutils.py index 7ed8c54..25e974c 100644 --- a/oslo_utils/tests/test_strutils.py 
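Review bot: In `mask_password` and `mask_dict_password` (the last two hunks of this file) a match now depends entirely on every `_SANITIZE_KEYS` entry being lowercase, and that is stated only in the comment at the list and checked only by the new unit test. A mixed-case entry added in a tree that does not run that test would never match, and the value would pass through unmasked into whatever is logging the message. A short comment at each comparison would keep the dependency visible where it matters, e.g. `# _SANITIZE_KEYS entries are lowercase; see test_sanitize_keys`. In `mask_dict_password`, `k.lower()` is loop-invariant and can be hoisted as `k_lower = k.lower()` before `for sani_key in _SANITIZE_KEYS:`. Both function bodies continue outside the hunks.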
+++ b/oslo_utils/tests/test_strutils.py @@ -296,6 +296,12 @@ StringToBytesTest.generate_scenarios() class MaskPasswordTestCase(test_base.BaseTestCase): + def test_sanitize_keys(self): + + lowered = [k.lower() for k in strutils._SANITIZE_KEYS] + message = "The _SANITIZE_KEYS must all be lowercase." + self.assertEqual(strutils._SANITIZE_KEYS, lowered, message) + def test_json(self): # Test 'adminPass' w/o spaces payload = """{'adminPass':'TL0EfN33'}""" |
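Review bot: `test_sanitize_keys` asserts the lowercase invariant but does not say why it exists, so a later reader could relax it as cosmetic. A one-line comment above the assertion would tie it to the code that depends on it, e.g. `# mask_password() and mask_dict_password() match these keys against lowercased input without lowercasing the keys.` The blank line between the `def` line and the first statement can also be dropped.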