fix strutils password regex

Those regexes will fix Object style representation output.
See the payload used in tests for details. This kind
of output can be obtained by using the command:

```
$ openstack --debug
```

Co-Authored-By: Daniel Bengtsson <dbengt@redhat.com>
Change-Id: I9024be93b109d1b64ca736546c0f69db7a5e06d0
This commit is contained in:
Hervé Beraud 2022-03-09 14:23:29 +01:00
parent c03c07cd72
commit de4429f2be
3 changed files with 18 additions and 0 deletions

View File

@ -79,6 +79,8 @@ _SANITIZE_PATTERNS_WILDCARD = {}
# have two parameters. Use different lists of patterns here.
_FORMAT_PATTERNS_1 = [r'(%(key)s[0-9]*\s*[=]\s*)[^\s^\'^\"]+']
_FORMAT_PATTERNS_2 = [r'(%(key)s[0-9]*\s*[=]\s*[\"\'])[^\"\']*([\"\'])',
r'(%(key)s[0-9]*\s*[=]\s*[\"])[^\"]*([\"])',
r'(%(key)s[0-9]*\s*[=]\s*[\'])[^\']*([\'])',
r'(%(key)s[0-9]*\s+[\"\'])[^\"\']*([\"\'])',
r'([-]{2}%(key)s[0-9]*\s+)[^\'^\"^=^\s]+([\s]*)',
r'(<%(key)s[0-9]*>)[^<]*(</%(key)s[0-9]*>)',

View File

@ -289,6 +289,17 @@ StringToBytesTest.generate_scenarios()
class MaskPasswordTestCase(test_base.BaseTestCase):
def test_namespace_objects(self):
payload = """
Namespace(passcode='', username='', password='my"password',
profile='', verify=None, token='')
"""
expected = """
Namespace(passcode='', username='', password='***',
profile='', verify=None, token='***')
"""
self.assertEqual(expected, strutils.mask_password(payload))
def test_sanitize_keys(self):
lowered = [k.lower() for k in strutils._SANITIZE_KEYS]

View File

@ -0,0 +1,5 @@
---
security:
- |
This patch ensures that we mask sensitive data when masking password, even
if double quotes are used as password value.