def test_parse_redaction_policy_from_file(self):
with tempfile.NamedTemporaryFile() as f:
json.dump({
'version': 1,
'rules': [
{
'description': 'redact passwords',
'trigger': 'password='******'search': 'password="******"',
'replace': 'password="******"',
},
{
'description': 'redact social security numbers',
'search': '\d{3}-\d{2}-\d{4}',
'replace': 'XXX-XX-XXXX',
},
]
}, f)
f.flush()
policy = parse_redaction_policy_from_file(f.name)
assert_equal(policy.rules, [
RedactionRule(u'password='******'password="******"', u'password="******"'),
RedactionRule(None, u'\d{3}-\d{2}-\d{4}', u'XXX-XX-XXXX'),
])
def test_equality(self):
rule1 = RedactionRule('password='******'password="******"', 'password="******"')
rule2 = RedactionRule('password='******'password="******"', 'password="******"')
rule3 = RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'),
assert_equal(rule1, rule2)
assert_not_equal(rule1, rule3)
def setUpClass(cls):
cls.logger = logging.getLogger(cls.__name__)
cls.handler = MockLoggingHandler()
cls.logger.addHandler(cls.handler)
engine = RedactionEngine([
RedactionRule('password='******'password="******"', 'password="******"'),
RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'),
])
add_log_redaction_filter_to_logger(engine, cls.logger)
def test_parse_redaction_rules_from_string(self):
string = \
r'password=::password="******"::password="******"' \
r'||' \
r'ssn=::ssn=\d{3}-\d{2}-\d{4}::ssn=XXX-XX-XXXX'
rules = parse_redaction_rules_from_string(string)
assert_equal(rules, [
RedactionRule('password='******'password="******"', 'password="******"'),
RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'),
])
def test_equality(self):
engine1 = RedactionEngine([
RedactionRule('password='******'password="******"', 'password="******"'),
])
engine2 = RedactionEngine([
RedactionRule('password='******'password="******"', 'password="******"'),
])
engine3 = RedactionEngine([
RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'),
])
assert_equal(engine1, engine2)
assert_not_equal(engine1, engine3)
def test_parse_redaction_rules_from_file(self):
with tempfile.NamedTemporaryFile() as f:
print >> f, r'password=::password="******"::password="******"'
print >> f, r'ssn=::ssn=\d{3}-\d{2}-\d{4}::ssn=XXX-XX-XXXX'
f.flush()
rules = parse_redaction_rules_from_file(f.name)
assert_equal(rules, [
RedactionRule('password='******'password="******"', 'password="******"'),
RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}',
'ssn=XXX-XX-XXXX'),
])
def test_redaction_works(self):
redaction_engine = RedactionEngine([
RedactionRule('password='******'password="******"', 'password="******"'),
RedactionRule('ssn=', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'),
])
test_strings = [
('message', 'message'),
('password="******"', 'password="******"'),
('before password="******" after', 'before password="******" after'),
('an ssn=123-45-6789', 'an ssn=XXX-XX-XXXX'),
]
for message, redacted_message in test_strings:
assert_equal(redaction_engine.redact(message), redacted_message)
def test_redact_empty_string(self):
engine = RedactionEngine([
RedactionRule('password='******'password="******"', 'password="******"'),
])
assert_equal(engine.redact(None), None)
assert_equal(engine.redact(''), '')
def test_redaction_rule_works(self):
rule = RedactionRule('password='******'password="******"', 'password="******"')
test_strings = [
('message', 'message'),
('password="******"', 'password="******"'),
('before password="******" after', 'before password="******" after'),
]
for message, redacted_message in test_strings:
assert_equal(rule.redact(message), redacted_message)
def test_redact_statements(self):
old_policies = redaction.global_redaction_engine.policies
redaction.global_redaction_engine.policies = [
RedactionPolicy([
RedactionRule('', 'ssn=\d{3}-\d{2}-\d{4}', 'ssn=XXX-XX-XXXX'),
])
]
logfilter.add_log_redaction_filter_to_logger(redaction.global_redaction_engine, logging.root)
sensitive_query = 'SELECT "ssn=123-45-6789"'
redacted_query = 'SELECT "ssn=XXX-XX-XXXX"'
nonsensitive_query = 'SELECT "hello"'
snippets = [
{
'status': 'ready',
'viewSettings': {
'sqlDialect': True,
'snippetImage': '/static/beeswax/art/icon_beeswax_48.png',
'placeHolder': 'Example: SELECT * FROM tablename, or press CTRL + space',
'aceMode': 'ace/mode/hive'
},
'id': '10a29cda-063f-1439-4836-d0c460154075',
'statement_raw': sensitive_query,
'statement': sensitive_query,
'type': 'hive'
},
{
'status': 'ready',
'viewSettings': {
'sqlDialect': True,
'snippetImage': '/static/impala/art/icon_impala_48.png',
'placeHolder': 'Example: SELECT * FROM tablename, or press CTRL + space',
'aceMode': 'ace/mode/impala'
},
'id': 'e17d195a-beb5-76bf-7489-a9896eeda67a',
'statement_raw': sensitive_query,
'statement': sensitive_query,
'type': 'impala'
},
{
'status': 'ready',
'viewSettings': {
'sqlDialect': True,
'snippetImage': '/static/beeswax/art/icon_beeswax_48.png',
'placeHolder': 'Example: SELECT * FROM tablename, or press CTRL + space',
'aceMode': 'ace/mode/hive'
},
'id': '10a29cda-063f-1439-4836-d0c460154075',
'statement_raw': nonsensitive_query,
'statement': nonsensitive_query,
'type': 'hive'
},
]
try:
self.document2.type = 'notebook'
self.document2.update_data({'snippets': snippets})
self.document2.search = sensitive_query
self.document2.save()
saved_snippets = self.document2.data_dict['snippets']
# Make sure redacted queries are redacted.
assert_equal(redacted_query, saved_snippets[0]['statement'])
assert_equal(redacted_query, saved_snippets[0]['statement_raw'])
assert_equal(True, saved_snippets[0]['is_redacted'])
assert_equal(redacted_query, saved_snippets[1]['statement'])
assert_equal(redacted_query, saved_snippets[1]['statement_raw'])
assert_equal(True, saved_snippets[1]['is_redacted'])
document = Document2.objects.get(pk=self.document2.pk)
assert_equal(redacted_query, document.search)
# Make sure unredacted queries are not redacted.
assert_equal(nonsensitive_query, saved_snippets[2]['statement'])
assert_equal(nonsensitive_query, saved_snippets[2]['statement_raw'])
assert_false('is_redacted' in saved_snippets[2])
finally:
redaction.global_redaction_engine.policies = old_policies
def test_non_redacted_string_returns_same_string(self):
rule = RedactionRule('password='******'password="******"', 'password="******"')
message = 'message'
assert_true(rule.redact(message) is message)
