Launchpad itself

Merge lp:~cjwatson/launchpad/less-greedy-sanitise-urls into lp:launchpad

  1. less-greedy-sanitise-urls
  2. Merge into devel
Proposed by Colin Watson
Status: Merged
Merged at revision: 18580
Proposed branch: lp:~cjwatson/launchpad/less-greedy-sanitise-urls
Merge into: lp:launchpad
Diff against target: 59 lines (+25/-3)
2 files modified
lib/lp/services/tests/test_utils.py (+23/-1)
lib/lp/services/utils.py (+2/-2)
To merge this branch: bzr merge lp:~cjwatson/launchpad/less-greedy-sanitise-urls
Reviewer Review Type Date Requested Status
Adam Collard (community) Approve
Launchpad code reviewers Pending
Review via email: mp+341962@code.launchpad.net

Commit message

Make sanitise_urls match usernames and passwords non-greedily.

Description of the change

Otherwise log lines that contain multiple URLs the second or later of which requires sanitisation become astonishingly confusing.

To post a comment you must log in.
Revision history for this message
Adam Collard (adam-collard) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'lib/lp/services/tests/test_utils.py'
--- lib/lp/services/tests/test_utils.py 2018-02-14 11:13:47 +0000
+++ lib/lp/services/tests/test_utils.py 2018-03-23 12:59:39 +0000
@@ -1,4 +1,4 @@
1# Copyright 2009-2011 Canonical Ltd. This software is licensed under the1# Copyright 2009-2018 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Tests for lp.services.utils."""4"""Tests for lp.services.utils."""
@@ -33,6 +33,7 @@
33 load_bz2_pickle,33 load_bz2_pickle,
34 obfuscate_structure,34 obfuscate_structure,
35 run_capturing_output,35 run_capturing_output,
36 sanitise_urls,
36 save_bz2_pickle,37 save_bz2_pickle,
37 traceback_info,38 traceback_info,
38 utc_now,39 utc_now,
@@ -383,3 +384,24 @@
383 """Values are obfuscated recursively."""384 """Values are obfuscated recursively."""
384 obfuscated = obfuscate_structure({'foo': (['a@example.com'],)})385 obfuscated = obfuscate_structure({'foo': (['a@example.com'],)})
385 self.assertEqual({'foo': [['<email address hidden>']]}, obfuscated)386 self.assertEqual({'foo': [['<email address hidden>']]}, obfuscated)
387
388
389class TestSanitiseURLs(TestCase):
390
391 def test_already_clean(self):
392 self.assertEqual('clean', sanitise_urls('clean'))
393
394 def test_removes_credentials(self):
395 self.assertEqual(
396 'http://<redacted>@example.com/',
397 sanitise_urls('http://user:secret@example.com/'))
398
399 def test_non_greedy(self):
400 self.assertEqual(
401 '{"one": "http://example.com/", '
402 '"two": "http://<redacted>@example.com/", '
403 '"three": "http://<redacted>@example.org/"}',
404 sanitise_urls(
405 '{"one": "http://example.com/", '
406 '"two": "http://alice:secret@example.com/", '
407 '"three": "http://bob:hidden@example.org/"}'))
386408
=== modified file 'lib/lp/services/utils.py'
--- lib/lp/services/utils.py 2017-12-19 17:16:38 +0000
+++ lib/lp/services/utils.py 2018-03-23 12:59:39 +0000
@@ -1,4 +1,4 @@
1# Copyright 2009-2016 Canonical Ltd. This software is licensed under the1# Copyright 2009-2018 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Generic Python utilities.4"""Generic Python utilities.
@@ -382,5 +382,5 @@
382 example). This function removes them.382 example). This function removes them.
383 """383 """
384 # Remove credentials from URLs.384 # Remove credentials from URLs.
385 password_re = re.compile('://([^:]*:[^@]*@)(\S+)')385 password_re = re.compile('://([^:@/]*:[^@/]*@)(\S+)')
386 return password_re.sub(r'://<redacted>@\2', s)386 return password_re.sub(r'://<redacted>@\2', s)