From 42e6b7b64609c0bf704a0ddbdac1c8329423009d Mon Sep 17 00:00:00 2001 From: paul-carlton2 Date: Fri, 4 Sep 2015 19:36:54 +0100 Subject: [PATCH] Add 'token' to list of fields to be santized by mask_password A forthcoming fix to openstack/nova will use this to complete the fix. Change-Id: Ia07ca4b6f42577d45a53749511cfb6af1492678a Partial-Bug: #1492140 --- .gitignore | 2 +- oslo_utils/strutils.py | 2 +- oslo_utils/tests/test_strutils.py | 13 +++++++++++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 1399c981..dfe851d0 100644 --- a/.gitignore +++ b/.gitignore @@ -48,4 +48,4 @@ ChangeLog # Editors *~ -.*.swp \ No newline at end of file +.*.swp diff --git a/oslo_utils/strutils.py b/oslo_utils/strutils.py index dde038c0..33563ef1 100644 --- a/oslo_utils/strutils.py +++ b/oslo_utils/strutils.py @@ -53,7 +53,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+") # NOTE(flaper87): The following globals are used by `mask_password` _SANITIZE_KEYS = ['adminPass', 'admin_pass', 'password', 'admin_password', 'auth_token', 'new_pass', 'auth_password', 'secret_uuid', - 'sys_pswd'] + 'sys_pswd', 'token'] # NOTE(ldbragst): Let's build a list of regex objects using the list of # _SANITIZE_KEYS we already have. This way, we only have to add the new key diff --git a/oslo_utils/tests/test_strutils.py b/oslo_utils/tests/test_strutils.py index 89734c31..959b57df 100644 --- a/oslo_utils/tests/test_strutils.py +++ b/oslo_utils/tests/test_strutils.py @@ -312,6 +312,14 @@ class MaskPasswordTestCase(test_base.BaseTestCase): payload = """{ 'secret_uuid' : 'myuuid' }""" expected = """{ 'secret_uuid' : '***' }""" self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'token' w/o spaces + payload = """{'token':'token'}""" + expected = """{'token':'***'}""" + self.assertEqual(expected, strutils.mask_password(payload)) + # Test 'token' with spaces + payload = """{ 'token' : 'token' }""" + expected = """{ 'token' : '***' }""" + self.assertEqual(expected, strutils.mask_password(payload)) def test_xml(self): # Test 'adminPass' w/o spaces @@ -531,6 +539,11 @@ class MaskPasswordTestCase(test_base.BaseTestCase): expected = """{'adminPass':'***'}""" self.assertEqual(expected, strutils.mask_password(payload)) + payload = """{'token':'mytoken'}""" + payload = six.text_type(payload) + expected = """{'token':'***'}""" + self.assertEqual(expected, strutils.mask_password(payload)) + payload = ("test = 'node.session.auth.password','-v','mypassword'," "'nomask'") expected = ("test = 'node.session.auth.password','-v','***',"