From c75848dbbdbd615b7bf6c2fe65ce3e8617059e76 Mon Sep 17 00:00:00 2001
From: aldbr <aldbr@outlook.com>
Date: Wed, 16 Oct 2024 10:25:12 +0200
Subject: [PATCH] sweep: #7835 fix(Resources): hide private key from the logs

---
 src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py | 1 +
 src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py b/src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py
index 8240c24b88c..eed05e10ec3 100644
--- a/src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py
+++ b/src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py
@@ -43,6 +43,7 @@ def __filter(self, record):
         # a list of sensitive words to replace
         sensitiveData = [
             r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----",
+            r"-----BEGIN PRIVATE KEY-----.*?-----END PRIVATE KEY-----",
         ]
 
         # record.args can be a tuple
diff --git a/src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py b/src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py
index 748b4f27791..4cebee7da2a 100644
--- a/src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py
+++ b/src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py
@@ -93,6 +93,14 @@ def test_pf(pf, record, result):
             ("blablabla ***REDACTED*** blablabla", "Variable message"),
             # should not display the certificate
         ),
+        (
+            (
+                "blablabla -----BEGIN PRIVATE KEY-----\n12345\n45678\n-----END PRIVATE KEY----- blablabla",
+                "Variable message",
+            ),
+            ("blablabla ***REDACTED*** blablabla", "Variable message"),
+            # should not display the certificate
+        ),
         ((5, ""), ("5", "")),  # special case
         (("", 5), ("", "5")),  # special case
         (({"ce": "test"}, ""), ("{'ce': 'test'}", "")),  # special case