From cff7dff9619cfa467c6ed8943c818f7d4b2f4918 Mon Sep 17 00:00:00 2001 From: Harry Ankers Date: Tue, 5 Mar 2024 10:17:11 +0000 Subject: [PATCH] Fix: Enabling username and passwords to be obfuscated --- rq_dashboard/web.py | 4 ++-- tests/test_basic.py | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/rq_dashboard/web.py b/rq_dashboard/web.py index 98b11c06..c30df68a 100644 --- a/rq_dashboard/web.py +++ b/rq_dashboard/web.py @@ -278,9 +278,9 @@ def get_queue_registry_jobs_count(queue_name, registry_name, offset, per_page): def escape_format_instance_list(url_list): if isinstance(url_list, (list, tuple)): - url_list = [re.sub(r"://:[^@]*@", "://:***@", x) for x in url_list] + url_list = [re.sub(r":\/\/[^@]*@", "://***:***@", x) for x in url_list] elif isinstance(url_list, string_types): - url_list = [re.sub(r"://:[^@]*@", "://:***@", url_list)] + url_list = [re.sub(r":\/\/[^@]*@", "://***:***@", url_list)] return url_list diff --git a/tests/test_basic.py b/tests/test_basic.py index d68649f1..44179c1f 100644 --- a/tests/test_basic.py +++ b/tests/test_basic.py @@ -5,6 +5,7 @@ from rq import Queue, Worker, pop_connection, push_connection from rq_dashboard.cli import make_flask_app +from rq_dashboard.web import escape_format_instance_list HTTP_OK = 200 @@ -107,6 +108,20 @@ def test_worker_version_field(self): w.register_death() + def test_instance_escaping(self): + expected_redis_instance = "redis://***:***@redis.example.com:6379" + self.assertEqual( + escape_format_instance_list( + [ + "redis://myuser:secretpassword@redis.example.com:6379", + "redis://:secretpassword@redis.example.com:6379", + "redis://:@redis.example.com:6379", + ] + ), + [expected_redis_instance, expected_redis_instance, expected_redis_instance], + ) + + __all__ = [ 'BasicTestCase', -] +] \ No newline at end of file