fix strutils password regex
Those regexes will fix Object style representation output. See the payload used in tests for details. This kind of output can be obtained by using the command: ``` $ openstack --debug ``` Co-Authored-By: Daniel Bengtsson <dbengt@redhat.com> Change-Id: I9024be93b109d1b64ca736546c0f69db7a5e06d0 (cherry picked from commitde4429f2be
) (cherry picked from commit2c1b062877
)
This commit is contained in:
parent
5ce8a7f0f8
commit
90a5046720
|
@ -79,6 +79,8 @@ _SANITIZE_PATTERNS_WILDCARD = {}
|
|||
# have two parameters. Use different lists of patterns here.
|
||||
_FORMAT_PATTERNS_1 = [r'(%(key)s[0-9]*\s*[=]\s*)[^\s^\'^\"]+']
|
||||
_FORMAT_PATTERNS_2 = [r'(%(key)s[0-9]*\s*[=]\s*[\"\'])[^\"\']*([\"\'])',
|
||||
r'(%(key)s[0-9]*\s*[=]\s*[\"])[^\"]*([\"])',
|
||||
r'(%(key)s[0-9]*\s*[=]\s*[\'])[^\']*([\'])',
|
||||
r'(%(key)s[0-9]*\s+[\"\'])[^\"\']*([\"\'])',
|
||||
r'([-]{2}%(key)s[0-9]*\s+)[^\'^\"^=^\s]+([\s]*)',
|
||||
r'(<%(key)s[0-9]*>)[^<]*(</%(key)s[0-9]*>)',
|
||||
|
|
|
@ -289,6 +289,17 @@ StringToBytesTest.generate_scenarios()
|
|||
|
||||
class MaskPasswordTestCase(test_base.BaseTestCase):
|
||||
|
||||
def test_namespace_objects(self):
|
||||
payload = """
|
||||
Namespace(passcode='', username='', password='my"password',
|
||||
profile='', verify=None, token='')
|
||||
"""
|
||||
expected = """
|
||||
Namespace(passcode='', username='', password='***',
|
||||
profile='', verify=None, token='***')
|
||||
"""
|
||||
self.assertEqual(expected, strutils.mask_password(payload))
|
||||
|
||||
def test_sanitize_keys(self):
|
||||
|
||||
lowered = [k.lower() for k in strutils._SANITIZE_KEYS]
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
This patch ensures that we mask sensitive data when masking password, even
|
||||
if double quotes are used as password value.
|
Loading…
Reference in New Issue