From ed312c24f97b5e5252385b1f6af7839a180723fd Mon Sep 17 00:00:00 2001 From: Jaime Fullaondo Date: Wed, 28 Oct 2015 15:39:11 -0400 Subject: [PATCH] Remove passwords from URIs. Modifying regex, POSIX classes unavailable. Correcting typo. Adding unit test for password in uri removal. Adding a new unit test, different approach. Adding another uri password unit test with punctuation in password. Fixing typo. --- tests/core/fixtures/flare/password_uri.yaml | 10 +++++ tests/core/test_flare.py | 41 +++++++++++++++++++++ utils/flare.py | 5 +++ 3 files changed, 56 insertions(+) create mode 100644 tests/core/fixtures/flare/password_uri.yaml diff --git a/tests/core/fixtures/flare/password_uri.yaml b/tests/core/fixtures/flare/password_uri.yaml new file mode 100644 index 0000000000..6279faceba --- /dev/null +++ b/tests/core/fixtures/flare/password_uri.yaml @@ -0,0 +1,10 @@ +init_config: + +instances: + - server: mongodb://datadog:V3pZC7ghx1ne82XkyqLnOW36@localhost:27017/admin + tags: + - foo + +# - server: mongodb://datadog:V3pZC7ghx1ne82XkyqLnOW36@localhost:27017/movies +# tags: +# - bar diff --git a/tests/core/test_flare.py b/tests/core/test_flare.py index 31f4633951..76e0bc6275 100644 --- a/tests/core/test_flare.py +++ b/tests/core/test_flare.py @@ -1,6 +1,7 @@ # stdlib import os.path import unittest +import re # 3p import mock @@ -28,6 +29,16 @@ def get_mocked_temp(): 'flare' ) +mock_cfgs = { + 'uri_password' : 'password_uri.yaml', +} + +password_tests = { + 'uri_password' : ' - server: mongodb://datadog:V3pZC7ghx1ne82XkyqLnOW36@localhost:27017/admin', + 'uri_password_2' : ' - server: mongodb://datadog:V3!pZC7ghx1ne8#-2XkyqLnOW36!?@localhost:27017/admin', + 'uri_password_expected' : ' - server: mongodb://datadog:********@localhost:27017/admin', +} + def mocked_strftime(t): return '1' 
@@ -121,3 +132,33 @@ def test_endpoint(self, mock_config, mock_temp, mock_stfrtime): raise Exception('Should fail before') except Exception, e: self.assertEqual(str(e), "Your request is incorrect: Invalid inputs: 'API key unknown'") + + @attr(requires='core_integration') + @mock.patch('utils.flare.strftime', side_effect=mocked_strftime) + @mock.patch('tempfile.gettempdir', side_effect=get_mocked_temp) + @mock.patch('utils.flare.get_config', side_effect=get_mocked_config) + def test_uri_password(self, mock_config, mock_tempdir, mock_strftime): + f = Flare() + _, password_found = f._strip_password(os.path.join(get_mocked_temp(), mock_cfgs['uri_password'])) + self.assertEqual( + password_found, + " - this file contains a password in a uri which has been removed in the version collected" + ) + + @attr(requires='core_integration') + @mock.patch('utils.flare.strftime', side_effect=mocked_strftime) + @mock.patch('tempfile.gettempdir', side_effect=get_mocked_temp) + @mock.patch('utils.flare.get_config', side_effect=get_mocked_config) + def test_uri_password_regex(self, mock_config, mock_tempdir, mock_strftime): + f = Flare() + line = re.sub(f.URI_REGEX, r'\1://\2:********@', password_tests['uri_password']) + self.assertEqual( + line, + password_tests['uri_password_expected'] + ) + + line = re.sub(f.URI_REGEX, r'\1://\2:********@', password_tests['uri_password_2']) + self.assertEqual( + line, + password_tests['uri_password_expected'] + ) diff --git a/utils/flare.py b/utils/flare.py index 5b348d95b4..fda273a30d 100644 --- a/utils/flare.py +++ b/utils/flare.py @@ -75,6 +75,7 @@ class Flare(object): DATADOG_SUPPORT_URL = '/support/flare' PASSWORD_REGEX = re.compile('( *(\w|_)*pass(word)?:).+') + URI_REGEX = re.compile('(.*\ [A-Za-z0-9]+)\:\/\/([A-Za-z0-9]+)\:(.+)\@') COMMENT_REGEX = re.compile('^ *#.*') APIKEY_REGEX = re.compile('^api_key: *\w+(\w{5})$') REPLACE_APIKEY = r'api_key: *************************\1' 
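Review bot: `test_uri_password` throws away the first value returned by `_strip_password` (`_, password_found = ...`) and asserts only on the status message, so the test would still pass if the secret were written unchanged to the collected copy. Assuming that first value is the path of the stripped temp file (its definition is outside this hunk), keep it and check the content, e.g. `temp_path, password_found = f._strip_password(...)` followed by `self.assertNotIn('V3pZC7ghx1ne82XkyqLnOW36', open(temp_path).read())`. The two inputs in `password_tests` (earlier hunk of this file) both use an alphanumeric user and an unquoted URI after a space. Cases with a quoted URI, a user such as `data_dog`, and a scheme containing `+` would show where the pattern currently does not match.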
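Review bot: `URI_REGEX` only matches when the scheme is directly preceded by a literal space and when both scheme and user are purely `[A-Za-z0-9]+`, so several common forms will not be redacted and their password will stay in the flare. Examples are `server: "mongodb://u:p@h"` (quote before the scheme), a user like `data_dog` or `my-user`, and a scheme like `postgresql+psycopg2`. Because redaction should fail closed, consider widening the pattern, for example `URI_REGEX = re.compile(r'(.*\b[A-Za-z][A-Za-z0-9+.\-]*)://([^:/@\s]+):(.+)@')`, which keeps the same three groups so the replacement template still applies. A raw string also removes the need for the `\:`, `\/` and `\@` escapes. The leading `.*` is greedy, so on a line holding two credentialed URIs only the last one is rewritten and the first password survives inside group 1; that looks like an edge case but is worth a test.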
@@ -363,6 +364,10 @@ def _strip_password(self, file_path): line = re.sub(self.PASSWORD_REGEX, r'\1 ********', line) password_found = ' - this file contains a password which '\ 'has been removed in the version collected' + if self.URI_REGEX.match(line): + line = re.sub(self.URI_REGEX, r'\1://\2:********@', line) + password_found = ' - this file contains a password in a uri which '\ + 'has been removed in the version collected' if not self.COMMENT_REGEX.match(line): temp_file.write(line)
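Review bot: The replacement template `r'\1://\2:********@'` is written out here and again twice in `test_uri_password_regex`, so the tests can drift from what `_strip_password` really applies. Define it once next to `REPLACE_APIKEY`, e.g. `REPLACE_URI = r'\1://\2:********@'`, and use `line = self.URI_REGEX.sub(self.REPLACE_URI, line)` here and `f.REPLACE_URI` in the tests. Note also that this branch overwrites a `password_found` message set by an earlier line in the file, so only the last kind of match is reported. The body of `_strip_password` starts and ends outside this hunk.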