FullStackWithLawrence · lpm0073 · Apr 26, 2023 · Apr 26, 2023 · Apr 26, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.1.4] (2023-04-26)
+
+- bug fix: make dict key evaluation case insensitive
+
 ## [0.1.3] (2023-04-26)
 
 - rename serialized_masked_dict() to masked_dict2str() with backward compatibility

diff --git a/__about__.py b/__about__.py
@@ -7,7 +7,7 @@
 
 # Increment this version number to trigger a new release. See
 # CHANGELOG.md for information on the versioning scheme.
-__version__ = "0.1.3"
+__version__ = "0.1.4"
 
 # The app name will be used to define the name of the default plugin root and
 # plugin directory. To avoid conflicts between multiple locally-installed

diff --git a/pyproject.toml b/pyproject.toml
@@ -24,7 +24,7 @@ build-backend = "setuptools.build_meta:__legacy__"
 #------------------------------------------------------------------------------
 [project]
 name = "secure-logger"
-version = "0.1.3"
+version = "0.1.4"
 authors = [
   { name="Lawrence McDaniel", email="lpm0073@gmail.com" }
 ]

diff --git a/secure_logger/masked_dict.py b/secure_logger/masked_dict.py
@@ -42,34 +42,34 @@ def default(self, obj):
             return ""
 
 
-def masked_dict(obj, sensitive_keys: list = DEFAULT_SENSITIVE_KEYS, message: str = DEFAULT_REDACTION_MESSAGE) -> dict:
+def masked_dict(
+    source_dict, sensitive_keys: list = DEFAULT_SENSITIVE_KEYS, message: str = DEFAULT_REDACTION_MESSAGE
+) -> dict:
     """
     Mask sensitive key / value in log entries.
 
     Masks the value of specified key.
     obj: a dict or a string representation of a dict, or None
     """
-    if type(obj) == str:
-        obj = json.loads(obj)
+    if type(source_dict) == str:
+        source_dict = json.loads(source_dict)
 
-    if type(obj) != dict:
-        raise TypeError("obj must be a dict or a json serializable string")
+    if type(source_dict) != dict:
+        raise TypeError("source_dict must be a dict or a json serializable string")
 
-    to_mask = {}
-    for key in obj:
-        value = obj[key]
+    recursed_dict = {}
+    for key in source_dict:
+        value = source_dict[key]
         if type(value) == dict:
-            value = masked_dict(obj=value, sensitive_keys=sensitive_keys, message=message)
-        to_mask[key] = value
+            value = masked_dict(source_dict=value, sensitive_keys=sensitive_keys, message=message)
+        recursed_dict[key] = value
 
-    def redact(key: str, obj: dict) -> dict:
-        if key in obj:
-            obj[key] = message
-        return obj
-
-    for key in sensitive_keys:
-        to_mask = redact(key=key, obj=to_mask)
-    return to_mask
+    for lower_case_sensitive_key in [x.lower() for x in sensitive_keys]:
+        if lower_case_sensitive_key in [x.lower() for x in recursed_dict.keys()]:
+            for original_key in recursed_dict:
+                if original_key.lower() == lower_case_sensitive_key:
+                    recursed_dict[original_key] = message
+    return recursed_dict
 
 
 def masked_dict2str(
@@ -79,14 +79,7 @@ def masked_dict2str(
     message: str = DEFAULT_REDACTION_MESSAGE,
 ) -> str:
     """Return a JSON encoded string representation of a masked dict."""
-    to_serialize = {}
-    for key in obj:
-        value = obj[key]
-        if type(value) == dict:
-            value = masked_dict(value, sensitive_keys, message=message)
-        to_serialize[key] = value
-
-    return json.dumps(masked_dict(to_serialize, sensitive_keys, message=message), cls=_JSONEncoder, indent=indent)
+    return json.dumps(masked_dict(obj, sensitive_keys, message=message), cls=_JSONEncoder, indent=indent)
 
 
 def serialized_masked_dict(

diff --git a/tests.py b/tests.py
@@ -76,13 +76,24 @@ class Test3:
 
     # test 6
     print("test 6 - masked_dict() with custom parameters")  # noqa: T201
-    print(masked_dict(test_dict, sensitive_keys=["insensitive_key"], message=" -- SHAME ON YOU -- "))  # noqa: T201
+    print(masked_dict(test_dict, sensitive_keys=["insensitive_key"], message=" -- TEST 6 MESSAGE -- "))  # noqa: T201
 
     # test 7
     print("test 7 - masked_dict2str() w defaults")  # noqa: T201
     print(masked_dict2str(test_dict))  # noqa: T201
 
     # test 8
     print("test 8 - masked_dict2str() w custom parameters")  # noqa: T201
-    md = masked_dict2str(test_dict, sensitive_keys=["insensitive_key"], message=" -- SHAME ON YOU -- ", indent=2)
+    md = masked_dict2str(test_dict, sensitive_keys=["insensitive_key"], message=" -- TEST 8 MESSAGE -- ", indent=2)
     print(md)  # noqa: T201
+
+    # test 9
+    print("test 9 - masked_dict2str() upper case keys")  # noqa: T201
+    test_dict = {
+        "insensitive_key": "you-can-see-me",
+        "AWS_ACCESS_KEY_ID": "i-am-hidden",
+        "AWS_Secret_Access_Key": "so-am-i",
+    }
+    print(test_dict)  # noqa: T201
+    print(masked_dict(test_dict))  # noqa: T201
+    print(masked_dict2str(test_dict))  # noqa: T201