From 8933765635d01c2bcc3f6679e0ab8c0b9e448a3b Mon Sep 17 00:00:00 2001 From: Lin Yang Date: Wed, 8 Jul 2015 13:53:15 +0800 Subject: [PATCH] Hide TrustId in log to tighten up security Current the value of TrustId is showed in plaintext in log when murano creates trustes and operates with data. So add 'trustid' in token_sanitizer to hide it like token and pass. Closes-Bug: #1472331 Change-Id: I1e9ea8298a7ffd9aa742cf73fada69db3a734712 --- murano/common/helpers/token_sanitizer.py | 3 ++- murano/tests/unit/common/helpers/token_sanitizer_tests.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/murano/common/helpers/token_sanitizer.py b/murano/common/helpers/token_sanitizer.py index acb7742c..f1ed2876 100644 --- a/murano/common/helpers/token_sanitizer.py +++ b/murano/common/helpers/token_sanitizer.py @@ -21,7 +21,8 @@ class TokenSanitizer(object): Simply searches attribute with `look a like` name as one of the token and replace it value with message. """ - def __init__(self, tokens=('token', 'pass'), message='*** SANITIZED ***'): + def __init__(self, tokens=('token', 'pass', 'trustid'), + message='*** SANITIZED ***'): """Init method of TokenSanitizer. :param tokens: iterable with tokens :param message: string by which each token going to be replaced diff --git a/murano/tests/unit/common/helpers/token_sanitizer_tests.py b/murano/tests/unit/common/helpers/token_sanitizer_tests.py index 0a47d167..cbd98efc 100644 --- a/murano/tests/unit/common/helpers/token_sanitizer_tests.py +++ b/murano/tests/unit/common/helpers/token_sanitizer_tests.py @@ -25,11 +25,12 @@ class TokenSanitizerTests(base.MuranoTestCase): self.assertEqual(value['token'], self.sanitizer.message) def test_dict_with_few_value(self): - source = {'token': 'value', 'pass': 'value'} + source = {'token': 'value', 'pass': 'value', 'TrustId': 'value'} value = self.sanitizer.sanitize(source) self.assertEqual(value['token'], self.sanitizer.message) self.assertEqual(value['pass'], self.sanitizer.message) + self.assertEqual(value['TrustId'], self.sanitizer.message) def test_dict_with_nested_dict(self): source = {'obj': {'pass': 'value'}}