def test_value(self): scrubber = JsonScrubber() d = { 'A': '---BEGIN PRIVATE KEY---\nABC\n123+/==\n---END PRIVATE KEY---\n' } self.assertEqual({'A': scrubber.REDACTED}, scrubber(d))
def test_dict_nested(self): scrubber = JsonScrubber() d = {'parent': {'A': 'a', 'secret': 'secret'}} self.assertEqual({'parent': { 'A': 'a', 'secret': scrubber.REDACTED }}, scrubber(d))
def test_http_scrubber(self): json_scrubber = JsonScrubber() scrubber = st.HttpScrubber(headers_scrubber=None, request_scrubber=json_scrubber, response_scrubber=json_scrubber) original_headers = dict(self._TEST_ORIGINAL_HEADERS) got_headers = scrubber.scrub_headers(original_headers) self.assertEquals(self._TEST_CENSORED_HEADERS, got_headers) self.assertEquals(self._TEST_CENSORED_HEADERS, original_headers) # verify case insensitive json attribute scrubbing payload = { 'PassWord': '******', 'sEcReT': 'X', 'priVate': 'VALUE', 'whatever': 'secret' } redacted = json_scrubber.REDACTED expect = { 'PassWord': redacted, 'sEcReT': redacted, 'priVate': redacted, 'whatever': 'secret' } # The scrubber scrubs the original for extra safety. actual_payload = dict(payload) self.assertEquals(expect, scrubber.scrub_request(actual_payload)) self.assertEquals(expect, actual_payload) actual_payload = dict(payload) self.assertEquals(expect, scrubber.scrub_response(actual_payload)) self.assertEquals(expect, actual_payload) url = 'http://path?password=VALUE' self.assertEquals(url, scrubber.scrub_url(url))
def test_dict_password(self): scrubber = JsonScrubber() d = {'A': 'a', 'password': '******'} self.assertEqual({ 'A': 'a', 'password': scrubber.REDACTED }, scrubber(d))
def test_dict_substring(self): scrubber = JsonScrubber() d = {'asecrets': 'a', 'apasswords': 'p'} self.assertEqual( { 'asecrets': scrubber.REDACTED, 'apasswords': scrubber.REDACTED }, scrubber(d))
def export_to_json_snapshot(self, snapshot, entity): builder = snapshot.edge_builder # Make sure there arent passwords in here. scrubbed_config = JsonScrubber()(self.__config_dict) builder.make_control(entity, 'Max Wait Secs', self.__default_max_wait_secs) builder.make_control(entity, 'Configuration', scrubbed_config)
def test_list(self): scrubber = JsonScrubber() l = [{'secrets': 'a'}, {'passwords': 'p'}, {'a': 'A'}] self.assertEqual([{ 'secrets': scrubber.REDACTED }, { 'passwords': scrubber.REDACTED }, { 'a': 'A' }], scrubber(l))
def test_key_value(self): scrubber = JsonScrubber() l = [{ 'key': 'apassword', 'value': 'p' }, { 'key': 'asecret', 'value': 's' }, { 'key': 'plain', 'value': 'v' }] self.assertEqual([{ 'key': 'apassword', 'value': scrubber.REDACTED }, { 'key': 'asecret', 'value': scrubber.REDACTED }, { 'key': 'plain', 'value': 'v' }], scrubber(l))
def test_json(self): text = u"""[ {{ "canIpForward": false, "cpuPlatform": "Intel Ivy Bridge", "creationTimestamp": "2015-11-03T08:38:59.701-08:00", "description": "", "metadata": {{ "fingerprint": "p_LMICy68MQ=", "items": [ {{ "key": "google-cloud-marketplace-solution-key", "value": "bitnami-launchpad:jenkins" }}, {{ "key": "google-cloud-marketplace-generate-password", "value": "{type}" }}, {{ "key": "bitnami-base-password", "value": "{password}" }} ], "kind": "compute#metadata" }} }} ]""" decoder = JSONDecoder() scrubber = JsonScrubber() original = text.format(type='bitnami-base-password', password='******') expect = decoder.decode( text.format(type=scrubber.REDACTED, password=scrubber.REDACTED)) self.assertEqual(expect, decoder.decode(scrubber(original)))
def test_dict_secret(self): scrubber = JsonScrubber() d = {'A': 'a', 'secret': 'secret'} self.assertEqual({'A': 'a', 'secret': scrubber.REDACTED}, scrubber(d))
def test_dict_ok(self): scrubber = JsonScrubber() d = {'A': 'a', 'B': 'b'} self.assertEqual(d, scrubber(d))
def test_string(self): scrubber = JsonScrubber() self.assertEqual('Hello', scrubber('Hello')) self.assertEqual('password is 1234', scrubber('password is 1234'))