Verify the sanitize keys are lowered

This change is preventative to ensure any keys added in the future are all lowercase. Change-Id: Ib843fe59a80b081d9d0193717ff5a980e22c81b0 (cherry picked from commit 577da7f00b)
2019-11-21 10:09:20 +00:00 · 2019-11-21 10:09:20 +00:00 · 39870f6807
parent 05ab20cca2
commit 39870f6807
2 changed files with 9 additions and 3 deletions
--- a/oslo_utils/strutils.py
+++ b/oslo_utils/strutils.py
@ -55,7 +55,7 @@ SLUGIFY_HYPHENATE_RE = re.compile(r"[-\s]+")


 # NOTE(flaper87): The following globals are used by `mask_password` and
-#                 `mask_dict_password`
+#                 `mask_dict_password`. They must all be lowercase.
 _SANITIZE_KEYS = ['adminpass', 'admin_pass', 'password', 'admin_password',
                  'auth_token', 'new_pass', 'auth_password', 'secret_uuid',
                  'secret', 'sys_pswd', 'token', 'configdrive',
@ -337,7 +337,7 @@ def mask_password(message, secret="***"):  # nosec
    # specified in _SANITIZE_KEYS, if not then just return the message since
    # we don't have to mask any passwords.
    for key in _SANITIZE_KEYS:
-        if key.lower() in message.lower():
+        if key in message.lower():
            for pattern in _SANITIZE_PATTERNS_2[key]:
                message = re.sub(pattern, substitute2, message)
            for pattern in _SANITIZE_PATTERNS_1[key]:
@ -413,7 +413,7 @@ def mask_dict_password(dictionary, secret="***"):  # nosec
        k_matched = False
        if isinstance(k, six.string_types):
            for sani_key in _SANITIZE_KEYS:
-                if sani_key.lower() in k.lower():
+                if sani_key in k.lower():
                    out[k] = secret
                    k_matched = True
                    break
--- a/oslo_utils/tests/test_strutils.py
+++ b/oslo_utils/tests/test_strutils.py
@ -296,6 +296,12 @@ StringToBytesTest.generate_scenarios()

 class MaskPasswordTestCase(test_base.BaseTestCase):

+    def test_sanitize_keys(self):
+
+        lowered = [k.lower() for k in strutils._SANITIZE_KEYS]
+        message = "The _SANITIZE_KEYS must all be lowercase."
+        self.assertEqual(strutils._SANITIZE_KEYS, lowered, message)
+
    def test_json(self):
        # Test 'adminPass' w/o spaces
        payload = """{'adminPass':'TL0EfN33'}"""