-
Notifications
You must be signed in to change notification settings - Fork 28
/
json_redacter_test.go
89 lines (73 loc) · 2.98 KB
/
json_redacter_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package lager_test
import (
"code.cloudfoundry.org/lager/v3"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)
var _ = Describe("JSON Redacter", func() {
var (
resp []byte
err error
jsonRedacter *lager.JSONRedacter
)
BeforeEach(func() {
jsonRedacter, err = lager.NewJSONRedacter(nil, []string{`amazonkey`, `AKIA[A-Z0-9]{16}`})
Expect(err).NotTo(HaveOccurred())
})
Context("when called with normal (non-secret) json", func() {
BeforeEach(func() {
resp = jsonRedacter.Redact([]byte(`{"foo":"bar"}`))
})
It("should return the same text", func() {
Expect(resp).To(Equal([]byte(`{"foo":"bar"}`)))
})
})
Context("when called with secrets inside the json", func() {
BeforeEach(func() {
resp = jsonRedacter.Redact([]byte(`{"foo":"fooval","password":"secret!","something":"AKIA1234567890123456"}`))
})
It("should redact the secrets", func() {
Expect(resp).To(Equal([]byte(`{"foo":"fooval","password":"*REDACTED*","something":"*REDACTED*"}`)))
})
})
Context("when a password flag is specified", func() {
BeforeEach(func() {
resp = jsonRedacter.Redact([]byte(`{"abcPwd":"abcd","password":"secret!","userpass":"fooval"}`))
})
It("should redact the secrets", func() {
Expect(resp).To(Equal([]byte(`{"abcPwd":"*REDACTED*","password":"*REDACTED*","userpass":"*REDACTED*"}`)))
})
})
Context("when called with an array of objects with a secret", func() {
BeforeEach(func() {
resp = jsonRedacter.Redact([]byte(`[{"foo":"fooval","password":"secret!","something":"amazonkey"}]`))
})
It("should redact the secrets", func() {
Expect(resp).To(Equal([]byte(`[{"foo":"fooval","password":"*REDACTED*","something":"*REDACTED*"}]`)))
})
})
Context("when called with a private key inside an array of strings", func() {
BeforeEach(func() {
resp = jsonRedacter.Redact([]byte(`["foo", "secret!", "amazonkey"]`))
})
It("should redact the amazonkey", func() {
Expect(resp).To(Equal([]byte(`["foo","secret!","*REDACTED*"]`)))
})
})
Context("when called with a private key inside a nested object", func() {
BeforeEach(func() {
resp = jsonRedacter.Redact([]byte(`{"foo":"fooval", "secret_stuff": {"password": "secret!"}}`))
})
It("should redact the amazonkey", func() {
Expect(resp).To(Equal([]byte(`{"foo":"fooval","secret_stuff":{"password":"*REDACTED*"}}`)))
})
})
It("DefaultValuePatterns returns the default set of value patterns", func() {
Expect(lager.DefaultValuePatterns()).To(ContainElement(`AKIA[A-Z0-9]{16}`))
Expect(lager.DefaultValuePatterns()).To(ContainElement(`KEY["']?\s*(?::|=>|=)\s*["']?[A-Z0-9/\+=]{40}["']?`))
Expect(lager.DefaultValuePatterns()).To(ContainElement(`\$1\$[A-Z0-9./]{1,16}\$[A-Z0-9./]{22}`))
Expect(lager.DefaultValuePatterns()).To(ContainElement(`\$5\$[A-Z0-9./]{1,16}\$[A-Z0-9./]{43}`))
Expect(lager.DefaultValuePatterns()).To(ContainElement(`\$6\$[A-Z0-9./]{1,16}\$[A-Z0-9./]{86}`))
Expect(lager.DefaultValuePatterns()).To(ContainElement(`-----BEGIN(.*)PRIVATE KEY-----`))
})
})