Skip to content

Commit

Permalink
sweep: DIRACGrid#7835 fix(Resources): hide private key from the logs
Browse files Browse the repository at this point in the history
  • Loading branch information
aldbr committed Oct 16, 2024
1 parent e02d21f commit c75848d
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ def __filter(self, record):
# a list of sensitive words to replace
sensitiveData = [
r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----",
r"-----BEGIN PRIVATE KEY-----.*?-----END PRIVATE KEY-----",
]

# record.args can be a tuple
Expand Down
8 changes: 8 additions & 0 deletions src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,14 @@ def test_pf(pf, record, result):
("blablabla ***REDACTED*** blablabla", "Variable message"),
# should not display the certificate
),
(
(
"blablabla -----BEGIN PRIVATE KEY-----\n12345\n45678\n-----END PRIVATE KEY----- blablabla",
"Variable message",
),
("blablabla ***REDACTED*** blablabla", "Variable message"),
# should not display the certificate
),
((5, ""), ("5", "")), # special case
(("", 5), ("", "5")), # special case
(({"ce": "test"}, ""), ("{'ce': 'test'}", "")), # special case
Expand Down

0 comments on commit c75848d

Please sign in to comment.