diff options
| author | Pavel Moravec <pmoravec@redhat.com> | 2024-01-28 15:17:28 +0100 |
|---|---|---|
| committer | Jake Hunsaker <jacob.r.hunsaker@gmail.com> | 2024-02-17 11:31:05 -0500 |
| commit | 76a7366928d8fcb6cb8b93bd8602228dcc6b9bbe (patch) | |
| tree | f8266172432f2b77810f2c00433540be46c9ed91 | |
| parent | 7b84e8a75eaafbb9f9e07cd6da1ef09f1bbf7896 (diff) | |
| download | sos-76a7366928d8fcb6cb8b93bd8602228dcc6b9bbe.tar.gz | |
[cleaner] Skip obfuscation of substrings for some parsers
As obfuscation of substrings of words is redundant and can lead to
leaking the secure string from the obfuscated word (e.g.
enobfuscateduser1ment), cleaner should match whole words only, in
relevant parsers/mappings.
Related: RHEL-2399
Resolves: #3403
Closes: #3496
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
| -rw-r--r-- | sos/cleaner/mappings/__init__.py | 7 | ||||
| -rw-r--r-- | sos/cleaner/mappings/hostname_map.py | 1 | ||||
| -rw-r--r-- | sos/cleaner/mappings/keyword_map.py | 1 | ||||
| -rw-r--r-- | sos/cleaner/mappings/username_map.py | 1 | ||||
| -rw-r--r-- | sos/cleaner/parsers/__init__.py | 3 |
5 files changed, 11 insertions, 2 deletions
diff --git a/sos/cleaner/mappings/__init__.py b/sos/cleaner/mappings/__init__.py index b56ced40..3bcef06d 100644 --- a/sos/cleaner/mappings/__init__.py +++ b/sos/cleaner/mappings/__init__.py @@ -26,6 +26,7 @@ class SoSMap(): skip_keys = [] compile_regexes = True ignore_short_items = False + match_full_words_only = False def __init__(self): self.dataset = {} @@ -97,7 +98,11 @@ class SoSMap(): :returns: A compiled regex pattern for the item :rtype: ``re.Pattern`` """ - return re.compile(re.escape(item), re.I) + if self.match_full_words_only: + item = rf'(?=\b|_|-){re.escape(item)}(?=\b|_|-)' + else: + item = re.escape(item) + return re.compile(item, re.I) def sanitize_item(self, item): """Perform the obfuscation relevant to the item being added to the map. diff --git a/sos/cleaner/mappings/hostname_map.py b/sos/cleaner/mappings/hostname_map.py index ca26125c..dbb97d98 100644 --- a/sos/cleaner/mappings/hostname_map.py +++ b/sos/cleaner/mappings/hostname_map.py @@ -44,6 +44,7 @@ class SoSHostnameMap(SoSMap): '.rules', '.conf', '.cfg') ignore_short_items = True + match_full_words_only = True host_count = 0 domain_count = 0 _domains = {} diff --git a/sos/cleaner/mappings/keyword_map.py b/sos/cleaner/mappings/keyword_map.py index ddc324c0..1fd1a73a 100644 --- a/sos/cleaner/mappings/keyword_map.py +++ b/sos/cleaner/mappings/keyword_map.py @@ -21,6 +21,7 @@ class SoSKeywordMap(SoSMap): is an incrementing integer. """ + match_full_words_only = True word_count = 0 def sanitize_item(self, item): diff --git a/sos/cleaner/mappings/username_map.py b/sos/cleaner/mappings/username_map.py index e1ef026c..f6eedb34 100644 --- a/sos/cleaner/mappings/username_map.py +++ b/sos/cleaner/mappings/username_map.py @@ -21,6 +21,7 @@ class SoSUsernameMap(SoSMap): """ ignore_short_items = True + match_full_words_only = True name_count = 0 def sanitize_item(self, username): diff --git a/sos/cleaner/parsers/__init__.py b/sos/cleaner/parsers/__init__.py index a1057df9..5c802119 100644 --- a/sos/cleaner/parsers/__init__.py +++ b/sos/cleaner/parsers/__init__.py @@ -151,7 +151,8 @@ class SoSCleanerParser(): if self.compile_regexes: for item, reg in self.mapping.compiled_regexes: if reg.search(string_data): - string_data = reg.sub(self.mapping.get(item), string_data) + string_data = reg.sub(self.mapping.get(item.lower()), + string_data) else: for k, ob in sorted(self.mapping.dataset.items(), reverse=True, key=lambda x: len(x[0])): |