def test_parse_redaction_policy_from_file(self): with tempfile.NamedTemporaryFile() as f: json.dump({ 'version': 1, 'rules': [ { 'description': 'redact passwords', 'trigger': 'password='******'search': 'password="******"', 'replace': 'password="******"', }, { 'description': 'redact social security numbers', 'search': '\d{3}-\d{2}-\d{4}', 'replace': 'XXX-XX-XXXX', }, ] }, f) f.flush() policy = parse_redaction_policy_from_file(f.name) assert_equal(policy.rules, [ RedactionRule(u'password='******'password="******"', u'password="******"'), RedactionRule(None, u'\d{3}-\d{2}-\d{4}', u'XXX-XX-XXXX'), ])
def test_equality(self): rule1 = RedactionRule('password='******'password="******"', 'password="******"') rule2 = RedactionRule('password='******'password="******"', 'password="******"') rule3 = RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'), assert_equal(rule1, rule2) assert_not_equal(rule1, rule3)
def setUpClass(cls): cls.logger = logging.getLogger(cls.__name__) cls.handler = MockLoggingHandler() cls.logger.addHandler(cls.handler) engine = RedactionEngine([ RedactionRule('password='******'password="******"', 'password="******"'), RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'), ]) add_log_redaction_filter_to_logger(engine, cls.logger)
def test_parse_redaction_rules_from_string(self): string = \ r'password=::password="******"::password="******"' \ r'||' \ r'ssn=::ssn=\d{3}-\d{2}-\d{4}::ssn=XXX-XX-XXXX' rules = parse_redaction_rules_from_string(string) assert_equal(rules, [ RedactionRule('password='******'password="******"', 'password="******"'), RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'), ])
def test_equality(self): engine1 = RedactionEngine([ RedactionRule('password='******'password="******"', 'password="******"'), ]) engine2 = RedactionEngine([ RedactionRule('password='******'password="******"', 'password="******"'), ]) engine3 = RedactionEngine([ RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'), ]) assert_equal(engine1, engine2) assert_not_equal(engine1, engine3)
def test_parse_redaction_rules_from_file(self): with tempfile.NamedTemporaryFile() as f: print >> f, r'password=::password="******"::password="******"' print >> f, r'ssn=::ssn=\d{3}-\d{2}-\d{4}::ssn=XXX-XX-XXXX' f.flush() rules = parse_redaction_rules_from_file(f.name) assert_equal(rules, [ RedactionRule('password='******'password="******"', 'password="******"'), RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'), ])
def test_redaction_works(self): redaction_engine = RedactionEngine([ RedactionRule('password='******'password="******"', 'password="******"'), RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'), ]) test_strings = [ ('message', 'message'), ('password="******"', 'password="******"'), ('before password="******" after', 'before password="******" after'), ('an ssn=123-45-6789', 'an ssn=XXX-XX-XXXX'), ] for message, redacted_message in test_strings: assert_equal(redaction_engine.redact(message), redacted_message)
def test_redact_empty_string(self): engine = RedactionEngine([ RedactionRule('password='******'password="******"', 'password="******"'), ]) assert_equal(engine.redact(None), None) assert_equal(engine.redact(''), '')
def test_redaction_rule_works(self): rule = RedactionRule('password='******'password="******"', 'password="******"') test_strings = [ ('message', 'message'), ('password="******"', 'password="******"'), ('before password="******" after', 'before password="******" after'), ] for message, redacted_message in test_strings: assert_equal(rule.redact(message), redacted_message)
def test_redact_statements(self): old_policies = redaction.global_redaction_engine.policies redaction.global_redaction_engine.policies = [ RedactionPolicy([ RedactionRule('', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'), ]) ] logfilter.add_log_redaction_filter_to_logger(redaction.global_redaction_engine, logging.root) sensitive_query = 'SELECT "ssn=123-45-6789"' redacted_query = 'SELECT "ssn=XXX-XX-XXXX"' nonsensitive_query = 'SELECT "hello"' snippets = [ { 'status': 'ready', 'viewSettings': { 'sqlDialect': True, 'snippetImage': '/static/beeswax/art/icon_beeswax_48.png', 'placeHolder': 'Example: SELECT * FROM tablename, or press CTRL + space', 'aceMode': 'ace/mode/hive' }, 'id': '10a29cda-063f-1439-4836-d0c460154075', 'statement_raw': sensitive_query, 'statement': sensitive_query, 'type': 'hive' }, { 'status': 'ready', 'viewSettings': { 'sqlDialect': True, 'snippetImage': '/static/impala/art/icon_impala_48.png', 'placeHolder': 'Example: SELECT * FROM tablename, or press CTRL + space', 'aceMode': 'ace/mode/impala' }, 'id': 'e17d195a-beb5-76bf-7489-a9896eeda67a', 'statement_raw': sensitive_query, 'statement': sensitive_query, 'type': 'impala' }, { 'status': 'ready', 'viewSettings': { 'sqlDialect': True, 'snippetImage': '/static/beeswax/art/icon_beeswax_48.png', 'placeHolder': 'Example: SELECT * FROM tablename, or press CTRL + space', 'aceMode': 'ace/mode/hive' }, 'id': '10a29cda-063f-1439-4836-d0c460154075', 'statement_raw': nonsensitive_query, 'statement': nonsensitive_query, 'type': 'hive' }, ] try: self.document2.type = 'notebook' self.document2.update_data({'snippets': snippets}) self.document2.search = sensitive_query self.document2.save() saved_snippets = self.document2.data_dict['snippets'] # Make sure redacted queries are redacted. assert_equal(redacted_query, saved_snippets[0]['statement']) assert_equal(redacted_query, saved_snippets[0]['statement_raw']) assert_equal(True, saved_snippets[0]['is_redacted']) assert_equal(redacted_query, saved_snippets[1]['statement']) assert_equal(redacted_query, saved_snippets[1]['statement_raw']) assert_equal(True, saved_snippets[1]['is_redacted']) document = Document2.objects.get(pk=self.document2.pk) assert_equal(redacted_query, document.search) # Make sure unredacted queries are not redacted. assert_equal(nonsensitive_query, saved_snippets[2]['statement']) assert_equal(nonsensitive_query, saved_snippets[2]['statement_raw']) assert_false('is_redacted' in saved_snippets[2]) finally: redaction.global_redaction_engine.policies = old_policies
def test_non_redacted_string_returns_same_string(self): rule = RedactionRule('password='******'password="******"', 'password="******"') message = 'message' assert_true(rule.redact(message) is message)