Skip to content

Commit

Permalink
Remove passwords from URIs.
Browse files Browse the repository at this point in the history
Modifying regex, POSIX classes unavailable. Correcting typo.

Adding unit test for password in uri removal.

Adding a new unit test, different approach.

Adding another uri password unit test with punctuation in password.

Fixing typo.
  • Loading branch information
truthbk committed Oct 29, 2015
1 parent 8dc6607 commit ed312c2
Show file tree
Hide file tree
Showing 3 changed files with 56 additions and 0 deletions.
10 changes: 10 additions & 0 deletions tests/core/fixtures/flare/password_uri.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
init_config:

instances:
- server: mongodb://datadog:V3pZC7ghx1ne82XkyqLnOW36@localhost:27017/admin
tags:
- foo

# - server: mongodb://datadog:V3pZC7ghx1ne82XkyqLnOW36@localhost:27017/movies
# tags:
# - bar
41 changes: 41 additions & 0 deletions tests/core/test_flare.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# stdlib
import os.path
import unittest
import re

# 3p
import mock
Expand Down Expand Up @@ -28,6 +29,16 @@ def get_mocked_temp():
'flare'
)

mock_cfgs = {
'uri_password' : 'password_uri.yaml',
}

password_tests = {
'uri_password' : ' - server: mongodb://datadog:V3pZC7ghx1ne82XkyqLnOW36@localhost:27017/admin',
'uri_password_2' : ' - server: mongodb://datadog:V3!pZC7ghx1ne8#-2XkyqLnOW36!?@localhost:27017/admin',
'uri_password_expected' : ' - server: mongodb://datadog:********@localhost:27017/admin',
}


def mocked_strftime(t):
return '1'
Expand Down Expand Up @@ -121,3 +132,33 @@ def test_endpoint(self, mock_config, mock_temp, mock_stfrtime):
raise Exception('Should fail before')
except Exception, e:
self.assertEqual(str(e), "Your request is incorrect: Invalid inputs: 'API key unknown'")

@attr(requires='core_integration')
@mock.patch('utils.flare.strftime', side_effect=mocked_strftime)
@mock.patch('tempfile.gettempdir', side_effect=get_mocked_temp)
@mock.patch('utils.flare.get_config', side_effect=get_mocked_config)
def test_uri_password(self, mock_config, mock_tempdir, mock_strftime):
f = Flare()
_, password_found = f._strip_password(os.path.join(get_mocked_temp(), mock_cfgs['uri_password']))
self.assertEqual(
password_found,
" - this file contains a password in a uri which has been removed in the version collected"
)

@attr(requires='core_integration')
@mock.patch('utils.flare.strftime', side_effect=mocked_strftime)
@mock.patch('tempfile.gettempdir', side_effect=get_mocked_temp)
@mock.patch('utils.flare.get_config', side_effect=get_mocked_config)
def test_uri_password_regex(self, mock_config, mock_tempdir, mock_strftime):
f = Flare()
line = re.sub(f.URI_REGEX, r'\1://\2:********@', password_tests['uri_password'])
self.assertEqual(
line,
password_tests['uri_password_expected']
)

line = re.sub(f.URI_REGEX, r'\1://\2:********@', password_tests['uri_password_2'])
self.assertEqual(
line,
password_tests['uri_password_expected']
)
5 changes: 5 additions & 0 deletions utils/flare.py
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ class Flare(object):

DATADOG_SUPPORT_URL = '/support/flare'
PASSWORD_REGEX = re.compile('( *(\w|_)*pass(word)?:).+')
URI_REGEX = re.compile('(.*\ [A-Za-z0-9]+)\:\/\/([A-Za-z0-9]+)\:(.+)\@')
COMMENT_REGEX = re.compile('^ *#.*')
APIKEY_REGEX = re.compile('^api_key: *\w+(\w{5})$')
REPLACE_APIKEY = r'api_key: *************************\1'
Expand Down Expand Up @@ -363,6 +364,10 @@ def _strip_password(self, file_path):
line = re.sub(self.PASSWORD_REGEX, r'\1 ********', line)
password_found = ' - this file contains a password which '\
'has been removed in the version collected'
if self.URI_REGEX.match(line):
line = re.sub(self.URI_REGEX, r'\1://\2:********@', line)
password_found = ' - this file contains a password in a uri which '\
'has been removed in the version collected'
if not self.COMMENT_REGEX.match(line):
temp_file.write(line)

Expand Down

0 comments on commit ed312c2

Please sign in to comment.