Replace the call to re.findall with re.sub in _mask_credentials so (#413

) matched values are not treated as regex patterns This fixes #410
jazzband · Apr 7, 2020 · 186cfb3 · 186cfb3
1 parent 477e5e6
commit 186cfb3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/project/tests/test_sensitive_data_in_request.py b/project/tests/test_sensitive_data_in_request.py
@@ -36,6 +36,9 @@ def test_mask_credentials_handles_prefixes(self):
     def test_mask_credentials_handles_suffixes(self):
         self.assertNotIn("secret", self._mask("username-with-suffix=secret"))
 
+    def test_mask_credentials_handles_regex_characters(self):
+        self.assertNotIn("secret", self._mask("password=secret++"))
+
     def test_mask_credentials_handles_complex_cases(self):
         self.assertNotIn("secret", self._mask("foo=public&prefixed-uSeRname-with-suffix=secret&bar=public"))
 

diff --git a/silk/model_factory.py b/silk/model_factory.py
@@ -123,15 +123,9 @@ def replace_pattern_values(obj):
         except Exception as e:
             pattern = re.compile(r'({})[^=]*=(.*?)(&|$)'.format(key_string), re.M | re.I)
             try:
-                results = re.findall(pattern, body)
+                body = re.sub(pattern, '\\1={}\\3'.format(RequestModelFactory.CLEANSED_SUBSTITUTE), body)
             except Exception:
                 Logger.debug('{}'.format(str(e)))
-            else:
-                for res in results:
-                    try:
-                        body = re.sub(res[1], RequestModelFactory.CLEANSED_SUBSTITUTE, body)
-                    except Exception:
-                        Logger.debug('{}'.format(str(e)))
         else:
             body = json.dumps(replace_pattern_values(json_body))