Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
db32ff2cdf678fa8edd12c9da76a76eef0478614
edx-platform/common/djangoapps/util/tests/test_log_sensitive.py
Tim McCormack 1e55b4e1b6 feat: Add utility for logging sensitive information using encryption (#29682) 
Introduces `common.djangoapps.util.log_sensitive module` for
public-key encryption of sensitive debug information in log
messages, including CLI commands for generating keys and
decrypting log output.

Also:

- Adds `PyNaCl` to base requirements for encryption tools
- Requirements upgrade

ref: ARCHBOM-1940
2022-01-05 21:37:45 +00:00

29 lines
1.1 KiB
Python
Raw Blame History

"""
Tests for util.logging
"""
import re
from common.djangoapps.util.log_sensitive import decrypt_log_message, encrypt_for_log, generate_reader_keys
def test_encryption_round_trip():
reader_keys = generate_reader_keys()
reader_public_64 = reader_keys['public']
reader_private_64 = reader_keys['private']
to_log = encrypt_for_log("Testing testing 1234", reader_public_64)
re_base64 = r'[a-zA-Z0-9/+=]'
assert re.fullmatch(f'\\[encrypted: {re_base64}+\\|{re_base64}+\\]', to_log)
to_decrypt = to_log.partition('[encrypted: ')[2].rstrip(']')
decrypted = decrypt_log_message(to_decrypt, reader_private_64)
assert decrypted == "Testing testing 1234"
# Also check that decryption still works if someone accidentally
# copies in the trailing framing "]" character, just as a
# nice-to-have. (base64 module should handle this already, since
# it stops reading at the first invalid base64 character.)
decrypted_again = decrypt_log_message(to_decrypt + ']', reader_private_64)
assert decrypted_again == "Testing testing 1234"
Reference in New Issue View Git Blame Copy Permalink