
fix: Catch multiple leak occurrences in same string #5


Open
wants to merge 3 commits into
base: main

diogosilva30

@diogosilva30 diogosilva30 commented Mar 26, 2025

Main change

  • Allows catching more than 1 leak in the same string. Before, only the first instance was being caught, and tests were also looking at this case. Tests were updated to cover these more complex cases.

Example:

```python
from maskerlogger import mask_string

my_str = "This is some confidential line, and the user password: mysuperSecretPassword and btw the user apiKey=AIzaSyabcdefghijklmnopqrstuvwxyz1234567"
print(mask_string(my_str))
# Output:
# This is some confidential line, and the user password: ********************* and btw the user apiKey=***************************************
# Before this change only the password would have been masked and not the ApiKey :(
```

  • Removes the main masking logic from AbstractMaskedLogger and instead places the logic into an independent function, mask_string. This allows more flexible usage of the codebase. For example, in my use case I want to have access to this function to clean up a string outside of a logging context, but since the logic is currently hidden inside AbstractMaskedLogger._mask_sensitive_data and the argument is a LogRecord, we cannot use this logic for more generic cases. By abstracting away the logic to an independent mask_string method, we can use this code base in other use cases. Retro-compatibility is ensured by calling mask_string inside AbstractMaskedLogger._mask_sensitive_data.

Example use case:

```python
from maskerlogger import mask_string

my_str = "Here I have a generic string with a potential leak. Password: mypasswordoops"
masked_my_str = mask_string(my_str)
# Done! My str was cleaned in a context that is not related to logging at all. Awesome library :)
```

Additional

  • Performs general code cleanup (more pythonic code, better type hints, code formatting, etc)
  • Changes the rule generic-api-key to allow common chars that are used in passwords/API keys, and reduces the minimum length to 8 instead of 10, as it's very common for passwords to have 8 as the required minimum number of chars

@diogosilva30 diogosilva30 changed the title fix: Catch multiple leak occurrences in same string & general code cl… fix: Catch multiple leak occurrences in same string Mar 26, 2025
@diogosilva30
Author

@nvuillam @tamar-ox @oxnick Please let me know if you find these changes useful and if something should be changed
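
The first-match versus all-matches behaviour discussed in this pull request, as an added example that is not code from the PR or from maskerlogger. The two regex rules, the function names `mask_first_only` and `mask_all`, and the sample string are constructed for illustration.

```python
import re

# Constructed rules for illustration only; NOT maskerlogger's real patterns.
# Group 1 of each rule is the secret value to mask.
RULES = [
    re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S{8,})"),
    re.compile(r"(?i)\b(?:api[_-]?key|token)\s*[:=]\s*(\S{8,})"),
]

# Constructed sample: two hits for the same rule plus one hit for another rule.
SAMPLE = ("login password: FirstSecret123 retry password: SecondSecret456 "
          "apiKey=CONSTRUCTEDKEY0123456789")


def mask_first_only(text, rules=RULES):
    """Model of the 'before' behaviour: mask the first hit, then stop."""
    for rule in rules:
        match = rule.search(text)
        if match:
            start, end = match.span(1)
            return text[:start] + "*" * (end - start) + text[end:]
    return text


def mask_all(text, rules=RULES):
    """Mask every hit of every rule.

    All spans are computed on the original text and masked in place with
    same-length runs of '*', so offsets stay valid and overlapping matches
    from different rules cannot corrupt each other.
    """
    spans = [m.span(1) for rule in rules for m in rule.finditer(text)]
    chars = list(text)
    for start, end in spans:
        chars[start:end] = "*" * (end - start)
    return "".join(chars)


if __name__ == "__main__":
    print(mask_first_only(SAMPLE))  # later secrets still visible
    print(mask_all(SAMPLE))         # all three secrets masked
```
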
