Merge pull request #455 from OpenIDC/fix-sanitize

Fix sanitize function blowing on unicode characters
CZ-NIC · Jan 12, 2018 · a97ec9b · a97ec9b
2 parents 1ff13be + fdbf570
commit a97ec9b
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,6 +24,7 @@ The format is based on the [KeepAChangeLog] project.
 - [#436] Fixed client.read_registration
 - [#446] Fixed provider.read_registration
 - [#449] Fixed creation of error_response on client registration
+- [#421] Fixed handling of unicode in sanitize function
 - [#145] Successful token endpoint responses have correct no-cache headers
 
 [#430]: https://github.com/OpenIDC/pyoidc/pull/430
@@ -33,6 +34,7 @@ The format is based on the [KeepAChangeLog] project.
 [#443]: https://github.com/OpenIDC/pyoidc/pull/443
 [#446]: https://github.com/OpenIDC/pyoidc/issues/446
 [#449]: https://github.com/OpenIDC/pyoidc/issues/449
+[#449]: https://github.com/OpenIDC/pyoidc/issues/421
 [#134]: https://github.com/OpenIDC/pyoidc/issues/134
 [#457]: https://github.com/OpenIDC/pyoidc/issues/457
 [#145]: https://github.com/OpenIDC/pyoidc/issues/145

diff --git a/src/oic/utils/sanitize.py b/src/oic/utils/sanitize.py
@@ -2,6 +2,8 @@
 from collections import Mapping
 from textwrap import dedent
 
+import six
+
 SENSITIVE_THINGS = {'password', 'passwd', 'client_secret', 'code',
                     'authorization', 'access_token', 'refresh_token'}
 
@@ -26,7 +28,7 @@
 '''
 
 SANITIZE_PATTERN = dedent(SANITIZE_PATTERN.format('|'.join(SENSITIVE_THINGS)))
-SANITIZE_REGEX = re.compile(SANITIZE_PATTERN, re.VERBOSE | re.IGNORECASE)
+SANITIZE_REGEX = re.compile(SANITIZE_PATTERN, re.VERBOSE | re.IGNORECASE | re.UNICODE)
 
 
 def redacted(key, value):
@@ -42,6 +44,7 @@ def sanitize(potentially_sensitive):
         return dict(
             redacted(k.lower(), v) for k, v in potentially_sensitive.items())
     else:
-        potentially_sensitive = str(potentially_sensitive)
+        if not isinstance(potentially_sensitive, six.string_types):
+            potentially_sensitive = str(potentially_sensitive)
         return SANITIZE_REGEX.sub(r'\1{}'.format(REPLACEMENT),
                                   potentially_sensitive)
diff --git a/tests/test_sanitize.py b/tests/test_sanitize.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 import pytest
 
 from oic.oauth2.message import AccessTokenRequest
@@ -35,6 +36,8 @@
 
     ('Password=ubar&param=foo', 'Password=<REDACTED>&param=foo'),
     ({'password': u'bar', 'client_secret': b'foo'}, {'password': '<REDACTED>', 'client_secret': '<REDACTED>'}),
+    (u'code=ščřžáíé', 'code=<REDACTED>'),
+    ({'code': 'ščřžáíé'}, {'code': '<REDACTED>'}),
 ])
 def test_sanitize(raw, expected):
     assert sanitize(raw) == expected