From 87c03d4ec3a090769f5494b8daf2d7361363128f Mon Sep 17 00:00:00 2001
From: Johannes Nussbaum <39048939+jnussbaum@users.noreply.github.com>
Date: Wed, 24 Jan 2024 14:42:44 +0100
Subject: [PATCH] fix: fully mask passwords in logfile (DEV-3225) (#761)
---
 src/dsp_tools/utils/connection_live.py | 4 ++--
 test/unittests/utils/test_connection_live.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/dsp_tools/utils/connection_live.py b/src/dsp_tools/utils/connection_live.py
index ae12b2a76..057cf5d9a 100644
--- a/src/dsp_tools/utils/connection_live.py
+++ b/src/dsp_tools/utils/connection_live.py
@@ -307,12 +307,12 @@ def _anonymize(self, data: dict[str, Any] | None) -> dict[str, Any] | None:
 if match := regex.search(r"^Bearer (.+)", data["Authorization"]):
 data["Authorization"] = f"Bearer {self._mask(match.group(1))}"
 if "password" in data:
- data["password"] = self._mask(data["password"])
+ data["password"] = "*" * len(data["password"])
 return data

 def _mask(self, sensitive_info: str) -> str:
 unmasked_until = 5
- if len(sensitive_info) <= unmasked_until:
+ if len(sensitive_info) <= unmasked_until * 2:
 return "*" * len(sensitive_info)
 else:
 return f"{sensitive_info[:unmasked_until]}[+{len(sensitive_info) - unmasked_until}]"
diff --git a/test/unittests/utils/test_connection_live.py b/test/unittests/utils/test_connection_live.py
index 8b7577253..759e498d0 100644
--- a/test/unittests/utils/test_connection_live.py
+++ b/test/unittests/utils/test_connection_live.py
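Review bot: In `_anonymize` in src/dsp_tools/utils/connection_live.py, the new `"*" * len(data["password"])` still writes the exact password length to the logfile, which narrows a guessing search for anyone who can read the log. A fixed-width placeholder removes that signal, e.g. `data["password"] = "*" * 8` (a constructed width), with the matching assertion in test_connection_live.py updated accordingly. The short-secret branch of `_mask` has the same property: `return "*" * len(sensitive_info)` reveals the length of secrets of up to ten characters, and the long branch still logs the first five characters plus the remaining length. `_anonymize` begins above this hunk, so whether `data["password"]` is guaranteed to be a `str` is not visible here; `len()` would raise on `None`.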
@@ -8,7 +8,7 @@ def test_anonymize_different_keys() -> None:
 assert con._anonymize({"token": "uk7m20-8gqn8"}) == {"token": "uk7m2[+7]"}
 assert con._anonymize({"Set-Cookie": "uk7m20-8gqn8"}) == {"Set-Cookie": "uk7m2[+7]"}
 assert con._anonymize({"Authorization": "Bearer uk7m20-8gqn8"}) == {"Authorization": "Bearer uk7m2[+7]"}
- assert con._anonymize({"password": "uk7m20-8gqn8"}) == {"password": "uk7m2[+7]"}
+ assert con._anonymize({"password": "uk7m20-8gqn8"}) == {"password": "************"}


 def test_anonymize_doesnt_mutate_original() -> None:
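Review bot: Every input visible in `test_anonymize_different_keys` is a 12-character value, so the new `unmasked_until * 2` threshold in `_mask` is not tested at its boundary. A 10-character and an 11-character secret would pin it, e.g. `assert con._anonymize({"token": "0123456789"}) == {"token": "**********"}` and `assert con._anonymize({"token": "0123456789a"}) == {"token": "01234[+6]"}`. These are constructed values, and they assume the `token` key is routed through `_mask`, as the existing assertion suggests. The test function starts above this hunk, so such cases may already exist out of view.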