Merge pull request DIRACGrid#7835 from aldbr/v8.0_FIX_sensitive-log-f…

…ilter fix(Resources): hide private key from the logs
chaen · Oct 16, 2024 · ab3e80b · ab3e80b
2 parents 773d412 + 361518f
commit ab3e80b
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/release.notes b/release.notes
@@ -9,7 +9,7 @@ FIX: (#7818) AREXCE returns an error if a queue is not found in the ARC instance
 
 *TransformationSystem
 
-NEW: (#7812) 
+NEW: (#7812)
 CHANGE: (#7812) Improve getTransformationFiles performance
 
 FIX: (#7811) SSHCE, Try python3 before unversioned python

diff --git a/src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py b/src/DIRAC/Resources/LogFilters/SensitiveDataFilter.py
@@ -43,6 +43,7 @@ def __filter(self, record):
         # a list of sensitive words to replace
         sensitiveData = [
             r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----",
+            r"-----BEGIN PRIVATE KEY-----.*?-----END PRIVATE KEY-----",
         ]
 
         # record.args can be a tuple

diff --git a/src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py b/src/DIRAC/Resources/LogFilters/test/Test_LogFilter.py
@@ -93,6 +93,14 @@ def test_pf(pf, record, result):
             ("blablabla ***REDACTED*** blablabla", "Variable message"),
             # should not display the certificate
         ),
+        (
+            (
+                "blablabla -----BEGIN PRIVATE KEY-----\n12345\n45678\n-----END PRIVATE KEY----- blablabla",
+                "Variable message",
+            ),
+            ("blablabla ***REDACTED*** blablabla", "Variable message"),
+            # should not display the certificate
+        ),
         ((5, ""), ("5", "")),  # special case
         (("", 5), ("", "5")),  # special case
         (({"ce": "test"}, ""), ("{'ce': 'test'}", "")),  # special case