From 255e6d5734de5bea797e92d8225b74aac221124b Mon Sep 17 00:00:00 2001 From: Jim King Date: Thu, 24 Sep 2020 15:57:32 -0400 Subject: [PATCH] allow the same secret and identifier to be redacted multiple times --- interposer/tapedeck.py | 13 +++++++++---- tests/tapedeck_test.py | 2 ++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/interposer/tapedeck.py b/interposer/tapedeck.py index e75cb19..a5d09a6 100644 --- a/interposer/tapedeck.py +++ b/interposer/tapedeck.py @@ -378,19 +378,24 @@ def redact(self, secret: str, identifier: str) -> str: key = f"_redact_{identifier}" if self.mode == Mode.Recording: + secretlen = len(secret) + redacted = (identifier + ("_" * secretlen))[:secretlen] + if self._redactions.get(secret) == redacted: + # calling it more than once for the same secret and ID is ok + return secret + if self._tape.get(key): raise AttributeError( - f"{identifier} has already been used to redact a secret" + f"{identifier} has already been used to redact another secret" ) - secretlen = len(secret) - self._redactions[secret] = (identifier + ("_" * secretlen))[:secretlen] + self._redactions[secret] = redacted self._tape[key] = secretlen return secret else: secretlen = self._tape.get(key) if not secretlen: raise AttributeError( - f"{identifier} was not used during recording to redact a secret" + f"{identifier} was not used during recording to redact this secret" ) return (identifier + ("_" * secretlen))[:secretlen] diff --git a/tests/tapedeck_test.py b/tests/tapedeck_test.py index 5f0ebe4..6cd7df7 100644 --- a/tests/tapedeck_test.py +++ b/tests/tapedeck_test.py @@ -243,6 +243,8 @@ def test_recording_secrets(self): # a secret redaction identifier can only be used once in a recording with self.assertRaises(AttributeError): uut.redact("foo", "REDACTED_SMALLER_THAN_ORIGINAL") + # but if the secret is the same that is not an error + assert uut.redact(token, "REDACTED_SMALLER_THAN_ORIGINAL") == token # now during playback see everything with a secret (token) has been redacted!