o RDi"@srdZddlmZddlZddlZddlZddlmZeddZ eddZ Gd d d eZ Gd d d ej Z dS) zThe secret detector detects sensitive information. It masks secrets that might be leaked from two potential avenues 1. Out of Band Telemetry 2. Logging ) annotationsN) NamedTuple MIN_TOKEN_LEN MIN_PWD_LENc@s2eZdZUdZded<dZded<dZded<dS)MaskedMessageDataFbool is_maskedNz str | None masked_text error_str)__name__ __module__ __qualname__r __annotations__r r rr\/var/www/Datamplify/venv/lib/python3.10/site-packages/snowflake/connector/secret_detector.pyrs  rcseZdZejdejdZejdejdZejdejdZejdej ejBdZ ejdej ejBdZ ejdejdZ ejdejdZ d Zed&d dZed&ddZed&ddZed&ddZed&ddZed&ddZed&ddZed'ddZed(d!d"Zd)fd$d% ZZS)*SecretDetectorzK(aws_key_id|aws_secret_key|access_key_id|secret_access_key)\s*=\s*'([^']+)')flagszB(accessToken|tempToken|keySecret)"\s*:\s*"([a-z0-9/+]{32,}={0,2})"zM(sig|signature|AWSAccessKeyId|password|passcode)=(?P[a-z0-9%/+]{16,})zP-{3,}BEGIN [A-Z ]*PRIVATE KEY-{3,}\n([\s\S]*?)\n-{3,}END [A-Z ]*PRIVATE KEY-{3,}z)"privateKeyData": "([a-z0-9/+=\\n]{10,})"z=(token|assertion content)([\'\"\s:=]+)([a-z0-9=/_\-\+\.]{8,})z[(password|pwd)([\'\"\s:=]+)([a-z0-9!\"#\$%&\\\'\(\)\*\+\,-\./:;<=>\?\@\[\]\^_`\{\|\}~]{1,})z****textstrreturncCtjdtj|SNz\1\2)rCONNECTION_TOKEN_PATTERNsubSECRET_STARRED_MASK_STRrrrrmask_connection_token< z$SecretDetector.mask_connection_tokencCrr)rPASSWORD_PATTERNrrrrrr mask_passwordBrzSecretDetector.mask_passwordcCstjddtjd|S)N\1=')rAWS_KEY_PATTERNrrrrrr mask_aws_keysHszSecretDetector.mask_aws_keyscCr)Nr")rSAS_TOKEN_PATTERNrrrrrrmask_sas_tokensNrzSecretDetector.mask_sas_tokenscCtjd|S)Nz \1":"XXXX")rAWS_TOKEN_PATTERNrrrrrmask_aws_tokensTszSecretDetector.mask_aws_tokenscCr()Nz>-----BEGIN PRIVATE KEY-----\\nXXXX\\n-----END PRIVATE KEY-----)rPRIVATE_KEY_PATTERNrrrrrmask_private_keyXzSecretDetector.mask_private_keycCr()Nz"privateKeyData": "XXXX")rPRIVATE_KEY_DATA_PATTERNrrrrrmask_private_key_data^r-z$SecretDetector.mask_private_key_datarcCs|durtSd}d}zttttttt|}||kr)d}Wnt yF}zd}t |}t |}WYd}~nd}~wwt|||S)zMasks any secrets. This is the method that should be used by outside classes. Args: text: A string which may contain a secret. Returns: The masked string data in MaskedMessageData. NFT) rrrr!r/r,r*r'r% Exceptionr)rmaskederr_strr exrrr mask_secretsds8   zSecretDetector.mask_secretsoriginal_recordlogging.LogRecord error_messagecCsd|j|jdd|j|S)Nz{} - {} {} - {} - {} - {}zsecret_detector.pysanitize_log_str)formatasctime threadName levelname)r5r7rrrcreate_formatting_error_logsz*SecretDetector.create_formatting_error_logrecordc sz't|}t|\}}}|pd}|r"|dur%|||}W|SW|SW|StyD}z||dt|}WYd}~|Sd}~ww)aWrapper around logging module's formatter. This will ensure that the formatted message is free from sensitive credentials. Args: record: The logging record. Returns: Formatted desensitized log string. Nz EXCEPTION - )superr9rr4r=r0r)selfr>unsanitized_logr1optional_sanitized_logr2 sanitized_logr3 __class__rrr9s(    zSecretDetector.format)rrrr)rrrr)r5r6r7rrr)r>r6rr)r rrrecompile IGNORECASEr$r)r& MULTILINEr+r.rr r staticmethodrr!r%r'r*r,r/r4r=r9 __classcell__rrrErrs`          (  r)__doc__ __future__rloggingosrGtypingrgetenvrrr Formatterrrrrrs