mask_passwords doesn't mask characters following a quote or double quote
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
oslo.utils | Fix Released | Undecided | Herve Beraud |
Bug Description
Description of problem:
mask_passwords doesn't mask characters following a ", so if a user has a password containing a " in the middle, such as pass"word, we would see ***"word in the debug output.
It looks like something's wrong with this:
_FORMAT_PATTERNS_1 = [r'(%(key)
_FORMAT_PATTERNS_2 = [r'(%(key)
Version-Release number of selected component (if applicable):
All
How reproducible:
Always
Steps to Reproduce:
1. Set a password containing a " somewhere in it
2. Use openstack --debug CLI
3.
Actual results:
Passwords are not fully hidden
Expected results:
No password should leak in debug output
Additional information:
We can also reproduce it by adding a dedicated unit test:
```
payload = 'test = "original_password" : "aaaaa"aaaa"'
expected = 'test = "original_password" : "***"'
```
It will provide the following outcome:
```
oslo_
-------
Captured traceback:
~~~~~~~~~~~~~~~~~~~
Traceback (most recent call last):
File "/home/
self.
File "/home/
self.
File "/home/
raise mismatch_error
testtools.
reference = 'test = "original_password" : "***"'
actual = 'test = "original_password" : "***"aaaa"'
```
I'll debug the regex to see how we can fix that.
Changed in oslo.utils:
assignee: nobody → Herve Beraud (herveberaud)
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/oslo.utils/+/816544
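
The failure mode reported above, as an added example that is not oslo.utils code and not the proposed fix: the two regexes are simplified stand-ins (assumptions, not the project's `_FORMAT_PATTERNS`), run against the payload from the report, with a hypothetical `leaks` helper that a regression test can use to check that no fragment of the secret survives masking.

```python
import re

# Simplified stand-in patterns (assumptions for illustration, NOT oslo.utils'
# real _FORMAT_PATTERNS). KEY is matched loosely, like a "password" key.
KEY = r"password[\"']?\s*[:=]\s*"

# Stops at the first quote of either kind: a quote inside the secret ends
# the match early and the tail of the secret stays in the log line.
NAIVE = re.compile(r"(" + KEY + r"[\"'])[^\"']*([\"'])", re.I)

# Fail-closed variant: greedy up to the LAST matching quote on the line.
# Trade-off: it may also swallow later quoted fields on the same line.
GREEDY = re.compile(r"(" + KEY + r")([\"']).*\2", re.I)


def mask_naive(line):
    return NAIVE.sub(r"\g<1>***\g<2>", line)


def mask_greedy(line):
    return GREEDY.sub(r"\g<1>\g<2>***\g<2>", line)


def leaks(secret, masked, min_len=4):
    """True if any min_len-character slice of the secret survives masking."""
    return any(secret[i:i + min_len] in masked
               for i in range(len(secret) - min_len + 1))


if __name__ == "__main__":
    # Payload from the report; the secret is the value between the outer quotes.
    payload = 'test = "original_password" : "aaaaa"aaaa"'
    secret = 'aaaaa"aaaa'
    for name, fn in (("naive", mask_naive), ("greedy", mask_greedy)):
        out = fn(payload)
        print(f"{name:6} {out!r} leak={leaks(secret, out)}")
```

Asserting on `leaks(...)` rather than on one exact masked string catches partial leaks from any secret, not only the one hard-coded in a test.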