Change secret replacement so that it is not re-processed by urlencode…

… in query parameters
openzim · Mar 12, 2024 · 6effbe8 · 6effbe8
1 parent efa7aed
commit 6effbe8
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 51 deletions.
diff --git a/dispatcher/backend/src/common/constants.py b/dispatcher/backend/src/common/constants.py
@@ -75,7 +75,7 @@
 SLACK_ICON = os.getenv("SLACK_ICON")
 
 # string to replace hidden secrets with
-SECRET_REPLACEMENT = "********"  # nosec
+SECRET_REPLACEMENT = "--------"  # nosec
 
 # ###
 # workers whitelist management

diff --git a/dispatcher/backend/src/tests/unit/routes/test_utils.py b/dispatcher/backend/src/tests/unit/routes/test_utils.py
@@ -29,12 +29,12 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
                 "upload": None,
@@ -62,12 +62,12 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -94,12 +94,12 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -127,13 +127,13 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                         "flag_missing_in_commang": "some_value",
                     },
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -156,7 +156,7 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                         "flag_missing_in_commang": "some_value",
                     },
                 },
@@ -195,23 +195,23 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                     "str_command": (
                         'kolibri2zim --name="khanacademy_en_all" '
-                        '--optimization-cache="********"'
+                        '--optimization-cache="--------"'
                     ),
                 },
                 "container": {
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -240,14 +240,14 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                 },
                 "container": {
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -276,14 +276,14 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                 },
                 "container": {
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -312,14 +312,14 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                 },
                 "container": {
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -358,24 +358,24 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                     "str_command": (
                         'kolibri2zim --name="khanacademy_en_all" '
-                        '--optimization-cache="********"'
+                        '--optimization-cache="--------"'
                     ),
                 },
                 "container": {
                     "command": [
                         "something",
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                 },
             },
@@ -426,34 +426,34 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                     "command": [
                         "kolibri2zim",
                         '--name="khanacademy_en_all"',
-                        '--optimization-cache="********"',
+                        '--optimization-cache="--------"',
                     ],
                     "str_command": (
                         'kolibri2zim --name="khanacademy_en_all" '
-                        '--optimization-cache="********"'
+                        '--optimization-cache="--------"'
                     ),
                 },
                 "upload": {
                     "logs": {
                         "expiration": 60,
                         "upload_uri": (
                             "s3://s3.us-west-1.wasabisys.com/"
-                            "?keyId=********"
-                            "&secretAccessKey=********"
+                            "?keyId=--------"
+                            "&secretAccessKey=--------"
                             "&bucketName=org-kiwix-zimfarm-logs"
                         ),
                     },
                     "artifacts": {
                         "expiration": 20,
                         "upload_uri": (
                             "s3://s3.us-west-1.wasabisys.com/"
-                            "?keyId=********"
-                            "&secretAccessKey=********"
+                            "?keyId=--------"
+                            "&secretAccessKey=--------"
                             "&bucketName=org-kiwix-zimfarm-artifacts"
                         ),
                     },
@@ -486,15 +486,15 @@
                     "task_name": "kolibri",
                     "flags": {
                         "name": "khanacademy_en_all",
-                        "optimization-cache": "********",
+                        "optimization-cache": "--------",
                     },
                 },
                 "i_am_not_a_real": {
                     "response_but": {
                         "please_clean_me": (
                             "something\nwhat s3://s3.us-west-1.wasabisys.com/"
-                            "?keyId=********"
-                            "&secretAccessKey=********"
+                            "?keyId=--------"
+                            "&secretAccessKey=--------"
                             "&bucketName=org-kiwix-zimfarm-logs what\n"
                             "something\n"
                         ),
@@ -580,57 +580,57 @@ def test_remove_secrets(response, expected_response):
             {
                 "please_clean_me1": (
                     "s3://s3.us-west-1.wasabisys.com/"
-                    "?keyId=********"
-                    "&secretAccessKey=********"
+                    "?keyId=--------"
+                    "&secretAccessKey=--------"
                     "&bucketName=org-kiwix-zimfarm-logs"
                 ),
                 "please_clean_me2": (
                     "s3://s3.us-west-1.wasabisys.com/"
                     "?bucketName=org-kiwix-zimfarm-logs"
-                    "&keyId=********"
-                    "&secretAccessKey=********"
+                    "&keyId=--------"
+                    "&secretAccessKey=--------"
                 ),
                 "please_clean_me3": (
                     "s3://s3.us-west-1.wasabisys.com/"
                     "?bucketName=org-kiwix-zimfarm-logs"
-                    "&keyId=********"
-                    "&secretAccessKey=********"
+                    "&keyId=--------"
+                    "&secretAccessKey=--------"
                     "&something=somevalue"
                 ),
                 "please_clean_me4": (
                     "s3://s3.us-west-1.wasabisys.com/"
                     "?bucketName=org-kiwix-zimfarm-logs"
-                    "&secretAccessKey=********"
+                    "&secretAccessKey=--------"
                     "&something=somevalue"
-                    "&keyId=********"
+                    "&keyId=--------"
                     "&something2=somevalue2"
                 ),
                 "please_clean_me5": (
                     " s3://s3.us-west-1.wasabisys.com/"
-                    "?keyId=********"
-                    "&secretAccessKey=********"
+                    "?keyId=--------"
+                    "&secretAccessKey=--------"
                     "&bucketName=org-kiwix-zimfarm-logs"
                 ),
                 "please_clean_me6": (
                     "s3://s3.us-west-1.wasabisys.com/"
-                    "?keyId=********"
-                    "&secretAccessKey=********"
+                    "?keyId=--------"
+                    "&secretAccessKey=--------"
                     "&bucketName=org-kiwix-zimfarm-logs "
                 ),
                 "please_clean_me7": (
                     "something s3://s3.us-west-1.wasabisys.com/"
-                    "?keyId=********"
-                    "&secretAccessKey=********"
+                    "?keyId=--------"
+                    "&secretAccessKey=--------"
                     "&bucketName=org-kiwix-zimfarm-logs \n"
                     "something s3://s3.us-west-1.wasabisys.com/"
-                    "?secretAccessKey=********"
+                    "?secretAccessKey=--------"
                     "&bucketName=org-kiwix-zimfarm-logs \n"
                     "something s3://s3.us-west-1.wasabisys.com/"
-                    "?keyId=********"
+                    "?keyId=--------"
                     "&bucketName=org-kiwix-zimfarm-logs \n"
                     "something s3://s3.us-west-1.wasabisys.com/"
                     "?bucketName=org-kiwix-zimfarm-logs"
-                    "&keyId=******** \n"
+                    "&keyId=-------- \n"
                     "something"
                 ),
                 "please_clean_me8": (