def test__anonymize_value_unique():
"""Test that unique sensitive items have unique anonymized values."""
pwd_lookup = {}
anon_vals = [_anonymize_value(pwd, pwd_lookup) for pwd in unique_passwords]
unique_anon_vals = set()
for anon_val in anon_vals:
# Confirm unique source values have unique anonymized values
assert (anon_val not in unique_anon_vals)
unique_anon_vals.add(anon_val)
def test_pwd_removal(regexes, raw_config_line, sensitive_text):
"""Test removal of passwords and communities from config lines."""
config_line = raw_config_line.format(sensitive_text)
pwd_lookup = {}
anon_line = replace_matching_item(regexes, config_line, pwd_lookup)
# Make sure the output line does not contain the sensitive text
assert sensitive_text not in anon_line
if _LINE_SCRUBBED_MESSAGE not in anon_line:
# If the line wasn't "completely scrubbed",
# make sure context was preserved
anon_val = _anonymize_value(sensitive_text, pwd_lookup, {})
assert anon_line == raw_config_line.format(anon_val)
def test__anonymize_value(val):
"""Test sensitive item anonymization."""
pwd_lookup = {}
anon_val = _anonymize_value(val, pwd_lookup, {})
val_format = _check_sensitive_item_format(val)
anon_val_format = _check_sensitive_item_format(anon_val)
# Confirm the anonymized value does not match the original value
assert anon_val != val
# Confirm format for anonmymized value matches format of the original value
assert anon_val_format == val_format
if val_format == _sensitive_item_formats.md5:
org_salt_size = len(val.split("$")[2])
anon_salt_size = len(anon_val.split("$")[2])
# Make sure salt size is preserved for md5 sensitive items
# (Cisco should stay 4 character, Juniper 8 character, etc)
assert org_salt_size == anon_salt_size
# Confirm reanonymizing same source value results in same anonymized value
assert anon_val == _anonymize_value(val, pwd_lookup, {})
