Redacting PII data in str/repr of non primitive objects #12

@declanatkins

Describe the bug
For objects where the information to be redacted exists in the str/repr of the object but which do not match the types that are checked in the redact method, the information to be redacted leaks through.

To Reproduce
Basic Example:

In [1]: import logging

In [2]: import sys

In [3]: import re

In [4]: 

In [4]: LOGGING = {
   ...:     'version': 1,
   ...:     'formatters': {
   ...:         'default': {
   ...:             'format': '%(levelname)s %(message)s',
   ...:         },
   ...:     },
   ...:     'filters':{
   ...:         'pii': {
   ...:             '()': 'loggingredactor.RedactingFilter',
   ...:             'mask_keys': ('password', 'email', 'last_name', 'first_name', 'gender', 'lastname', 'firstname',),
   ...:             'mask_patterns': (re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'),), # email regex
   ...:             'mask': 'REDACTED',
   ...:         },
   ...:     },
   ...:     'handlers': {
   ...:         'stdout': {
   ...:             'level': 'DEBUG',
   ...:             'class': 'logging.StreamHandler',
   ...:             'formatter': 'default',
   ...:             'stream': sys.stdout,
   ...:             'filters': ['pii'],
   ...:         },
   ...:     },
   ...:     'loggers': {
   ...:         'default': {
   ...:             'handlers': ['stdout'],
   ...:             'level': 'INFO',
   ...:             'propagate': True,
   ...:         },
   ...:     },
   ...: }

In [5]: 

In [5]: logging.config.dictConfig(LOGGING)

In [6]: logger = logging.getLogger('default')

In [7]: 

In [7]: class Foo:
   ...:     def __str__(self):
   ...:         return 'test@email.com'
   ...: 

In [8]: logger.info('test@email.com - %s', Foo())
INFO REDACTED - test@email.com

Expected behavior
Text in the repr should be redacted if that is what is being logged.
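
Added example, not part of the original report and not loggingredactor's code: a standard-library sketch of the leak and of one way to close it by masking the rendered message instead of the individual arguments. `TypeCheckedFilter` is a hypothetical stand-in for a filter that only inspects `str` values; `RenderedMessageFilter`, `ListHandler` and `render` are likewise names assumed for this example.

```python
import logging
import re

# E-mail pattern in the spirit of the issue's mask_patterns (constructed here).
EMAIL = re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b')
MASK = 'REDACTED'

class TypeCheckedFilter(logging.Filter):
    """Hypothetical: masks msg/args only when they are already str."""
    def filter(self, record):
        if isinstance(record.msg, str):
            record.msg = EMAIL.sub(MASK, record.msg)
        if isinstance(record.args, tuple):
            record.args = tuple(
                EMAIL.sub(MASK, a) if isinstance(a, str) else a
                for a in record.args)
        return True

class RenderedMessageFilter(logging.Filter):
    """Masks the fully formatted message, so __str__/__repr__ output is covered."""
    def filter(self, record):
        record.msg = EMAIL.sub(MASK, record.getMessage())
        record.args = None  # already interpolated; avoids a second '%' pass
        return True

class Foo:  # same object as in the reproduction
    def __str__(self):
        return 'test@email.com'

class ListHandler(logging.Handler):
    """Collects formatted lines so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def render(filter_obj, msg, *args):
    logger = logging.Logger('demo')  # standalone, not registered globally
    handler = ListHandler()
    handler.addFilter(filter_obj)
    logger.addHandler(handler)
    logger.info(msg, *args)
    return handler.lines[0]

if __name__ == '__main__':
    print(render(TypeCheckedFilter(), 'test@email.com - %s', Foo()))
    print(render(RenderedMessageFilter(), 'test@email.com - %s', Foo()))
```

Rendering inside the filter discards the original `args`, so any key-based masking of dict arguments has to run before this step.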
