Merge "Mask passwords that are included in commands"
This commit is contained in:
commit
189cdb63b4
|
@ -59,7 +59,10 @@ _SANITIZE_PATTERNS = []
|
||||||
_FORMAT_PATTERNS = [r'(%(key)s\s*[=]\s*[\"\']).*?([\"\'])',
|
_FORMAT_PATTERNS = [r'(%(key)s\s*[=]\s*[\"\']).*?([\"\'])',
|
||||||
r'(<%(key)s>).*?(</%(key)s>)',
|
r'(<%(key)s>).*?(</%(key)s>)',
|
||||||
r'([\"\']%(key)s[\"\']\s*:\s*[\"\']).*?([\"\'])',
|
r'([\"\']%(key)s[\"\']\s*:\s*[\"\']).*?([\"\'])',
|
||||||
r'([\'"].*?%(key)s[\'"]\s*:\s*u?[\'"]).*?([\'"])']
|
r'([\'"].*?%(key)s[\'"]\s*:\s*u?[\'"]).*?([\'"])',
|
||||||
|
r'([\'"].*?%(key)s[\'"]\s*,\s*\'--?[A-z]+\'\s*,\s*u?[\'"])'
|
||||||
|
'.*?([\'"])',
|
||||||
|
r'(%(key)s\s*--?[A-z]+\s*).*?([\s])']
|
||||||
|
|
||||||
for key in _SANITIZE_KEYS:
|
for key in _SANITIZE_KEYS:
|
||||||
for pattern in _FORMAT_PATTERNS:
|
for pattern in _FORMAT_PATTERNS:
|
||||||
|
|
|
@ -156,7 +156,7 @@ def execute(*cmd, **kwargs):
|
||||||
attempts -= 1
|
attempts -= 1
|
||||||
try:
|
try:
|
||||||
LOG.log(loglevel, 'Running cmd (subprocess): %s',
|
LOG.log(loglevel, 'Running cmd (subprocess): %s',
|
||||||
' '.join(cmd))
|
' '.join(logging.mask_password(cmd)))
|
||||||
_PIPE = subprocess.PIPE # pylint: disable=E1101
|
_PIPE = subprocess.PIPE # pylint: disable=E1101
|
||||||
|
|
||||||
if os.name == 'nt':
|
if os.name == 'nt':
|
||||||
|
|
|
@ -894,3 +894,25 @@ class MaskPasswordTestCase(test_base.BaseTestCase):
|
||||||
payload = six.text_type(payload)
|
payload = six.text_type(payload)
|
||||||
expected = """{'adminPass':'***'}"""
|
expected = """{'adminPass':'***'}"""
|
||||||
self.assertEqual(expected, log.mask_password(payload))
|
self.assertEqual(expected, log.mask_password(payload))
|
||||||
|
|
||||||
|
payload = ("test = 'node.session.auth.password','-v','mypassword',"
|
||||||
|
"'nomask'")
|
||||||
|
expected = ("test = 'node.session.auth.password','-v','***',"
|
||||||
|
"'nomask'")
|
||||||
|
self.assertEqual(expected, log.mask_password(payload))
|
||||||
|
|
||||||
|
payload = ("test = 'node.session.auth.password', '--password', "
|
||||||
|
"'mypassword', 'nomask'")
|
||||||
|
expected = ("test = 'node.session.auth.password', '--password', "
|
||||||
|
"'***', 'nomask'")
|
||||||
|
self.assertEqual(expected, log.mask_password(payload))
|
||||||
|
|
||||||
|
payload = "test = node.session.auth.password -v mypassword nomask"
|
||||||
|
expected = "test = node.session.auth.password -v *** nomask"
|
||||||
|
self.assertEqual(expected, log.mask_password(payload))
|
||||||
|
|
||||||
|
payload = ("test = node.session.auth.password --password mypassword "
|
||||||
|
"nomask")
|
||||||
|
expected = ("test = node.session.auth.password --password *** "
|
||||||
|
"nomask")
|
||||||
|
self.assertEqual(expected, log.mask_password(payload))
|
||||||
|
|
Loading…
Reference in New Issue