def test__anonymize_value_unique(): """Test that unique sensitive items have unique anonymized values.""" pwd_lookup = {} anon_vals = [_anonymize_value(pwd, pwd_lookup) for pwd in unique_passwords] unique_anon_vals = set() for anon_val in anon_vals: # Confirm unique source values have unique anonymized values assert (anon_val not in unique_anon_vals) unique_anon_vals.add(anon_val)
def test_pwd_removal(regexes, raw_config_line, sensitive_text): """Test removal of passwords and communities from config lines.""" config_line = raw_config_line.format(sensitive_text) pwd_lookup = {} anon_line = replace_matching_item(regexes, config_line, pwd_lookup) # Make sure the output line does not contain the sensitive text assert sensitive_text not in anon_line if _LINE_SCRUBBED_MESSAGE not in anon_line: # If the line wasn't "completely scrubbed", # make sure context was preserved anon_val = _anonymize_value(sensitive_text, pwd_lookup, {}) assert anon_line == raw_config_line.format(anon_val)
def test__anonymize_value(val): """Test sensitive item anonymization.""" pwd_lookup = {} anon_val = _anonymize_value(val, pwd_lookup, {}) val_format = _check_sensitive_item_format(val) anon_val_format = _check_sensitive_item_format(anon_val) # Confirm the anonymized value does not match the original value assert anon_val != val # Confirm format for anonmymized value matches format of the original value assert anon_val_format == val_format if val_format == _sensitive_item_formats.md5: org_salt_size = len(val.split("$")[2]) anon_salt_size = len(anon_val.split("$")[2]) # Make sure salt size is preserved for md5 sensitive items # (Cisco should stay 4 character, Juniper 8 character, etc) assert org_salt_size == anon_salt_size # Confirm reanonymizing same source value results in same anonymized value assert anon_val == _anonymize_value(val, pwd_lookup, {})