Created
November 14, 2023 12:28
-
-
Save rezamt/ac8ab3b890969d3a08affc4ec083043a to your computer and use it in GitHub Desktop.
Filter Credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a sample Python script. | |
| import json | |
| import re | |
| message = { | |
| "items": [ | |
| { | |
| "clientId": "<string>", | |
| "grantTypes": [ | |
| "REFRESH_TOKEN", | |
| "TOKEN_EXCHANGE" | |
| ], | |
| "name": "<string>", | |
| "enabled": "<boolean>", | |
| "redirectUris": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "description": "<string>", | |
| "modificationDate": "<dateTime>", | |
| "creationDate": "<dateTime>", | |
| "logoUrl": "<string>", | |
| "defaultAccessTokenManagerRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "restrictToDefaultAccessTokenManager": "<boolean>", | |
| "validateUsingAllEligibleAtms": "<boolean>", | |
| "refreshRolling": "DONT_ROLL", | |
| "refreshTokenRollingIntervalType": "SERVER_DEFAULT", | |
| "refreshTokenRollingInterval": "<long>", | |
| "persistentGrantExpirationType": "OVERRIDE_SERVER_DEFAULT", | |
| "persistentGrantExpirationTime": "<long>", | |
| "persistentGrantExpirationTimeUnit": "DAYS", | |
| "persistentGrantIdleTimeoutType": "INDEFINITE_EXPIRY", | |
| "persistentGrantIdleTimeout": "<long>", | |
| "persistentGrantIdleTimeoutTimeUnit": "DAYS", | |
| "persistentGrantReuseType": "SERVER_DEFAULT", | |
| "persistentGrantReuseGrantTypes": [ | |
| "RESOURCE_OWNER_CREDENTIALS", | |
| "EXTENSION" | |
| ], | |
| "allowAuthenticationApiInit": "<boolean>", | |
| "bypassApprovalPage": "<boolean>", | |
| "restrictScopes": "<boolean>", | |
| "restrictedScopes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "exclusiveScopes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "authorizationDetailTypes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "restrictedResponseTypes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "requirePushedAuthorizationRequests": "<boolean>", | |
| "requireJwtSecuredAuthorizationResponseMode": "<boolean>", | |
| "requireSignedRequests": "<boolean>", | |
| "requestObjectSigningAlgorithm": "RS256", | |
| "oidcPolicy": { | |
| "idTokenSigningAlgorithm": "HS256", | |
| "idTokenEncryptionAlgorithm": "ECDH_ES_A256KW", | |
| "idTokenContentEncryptionAlgorithm": "AES_128_GCM", | |
| "policyGroup": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "grantAccessSessionRevocationApi": "<boolean>", | |
| "grantAccessSessionSessionManagementApi": "<boolean>", | |
| "PingFederateLogoutCapable": "<boolean>", | |
| "logoutUris": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "pairwiseIdentifierUserType": "<boolean>", | |
| "sectorIdentifierUri": "<string>" | |
| }, | |
| "clientAuth": { | |
| "type": "PRIVATE_KEY_JWT", | |
| "secret": "93jlejrgfo98udofiuioujlesjr303480\p[ps[psf", | |
| "encryptedSecret": "df09i2309482038499230482034", | |
| "secondarySecrets": [ | |
| { | |
| "secret": "DFNr*ma76-0o+]4ddbN&?5s", | |
| "encryptedSecret": "DFSS<MFNr*ma76-0o+]4bN&?5s", | |
| "expiryTime": "<dateTime>" | |
| }, | |
| { | |
| "secret": "<MFNr*ma76-0o+]4bN&?`r4awl1)tCS5s", | |
| "encryptedSecret": "<MFNr*ma76-0o^v9+]4bN&?`r4awl1)tCS5s", | |
| "expiryTime": "<dateTime>" | |
| } | |
| ], | |
| "clientCertIssuerDn": "<string>", | |
| "clientCertSubjectDn": "<string>", | |
| "enforceReplayPrevention": "<boolean>", | |
| "tokenEndpointAuthSigningAlgorithm": "ES384" | |
| }, | |
| "jwksSettings": { | |
| "jwksUrl": "<string>", | |
| "jwks": "<string>" | |
| }, | |
| "extendedParameters": { | |
| "pariatur_a": { | |
| "values": [ | |
| "<string>", | |
| "<string>" | |
| ] | |
| }, | |
| "fugiat_84": { | |
| "values": [ | |
| "<string>", | |
| "<string>" | |
| ] | |
| } | |
| }, | |
| "deviceFlowSettingType": "SERVER_DEFAULT", | |
| "userAuthorizationUrlOverride": "<string>", | |
| "pendingAuthorizationTimeoutOverride": "<integer>", | |
| "devicePollingIntervalOverride": "<integer>", | |
| "bypassActivationCodeConfirmationOverride": "<boolean>", | |
| "requireProofKeyForCodeExchange": "<boolean>", | |
| "cibaDeliveryMode": "PING", | |
| "cibaNotificationEndpoint": "<string>", | |
| "cibaPollingInterval": "<integer>", | |
| "cibaRequireSignedRequests": "<boolean>", | |
| "cibaRequestObjectSigningAlgorithm": "ES512", | |
| "cibaUserCodeSupported": "<boolean>", | |
| "requestPolicyRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "tokenExchangeProcessorPolicyRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "refreshTokenRollingGracePeriodType": "SERVER_DEFAULT", | |
| "refreshTokenRollingGracePeriod": "<integer>", | |
| "clientSecretRetentionPeriodType": "OVERRIDE_SERVER_DEFAULT", | |
| "clientSecretRetentionPeriod": "<integer>", | |
| "clientSecretChangedTime": "<dateTime>", | |
| "tokenIntrospectionSigningAlgorithm": "ES512", | |
| "tokenIntrospectionEncryptionAlgorithm": "A192KW", | |
| "tokenIntrospectionContentEncryptionAlgorithm": "AES_192_GCM", | |
| "jwtSecuredAuthorizationResponseModeSigningAlgorithm": "ES384", | |
| "jwtSecuredAuthorizationResponseModeEncryptionAlgorithm": "A256GCMKW", | |
| "jwtSecuredAuthorizationResponseModeContentEncryptionAlgorithm": "AES_128_GCM" | |
| }, | |
| { | |
| "clientId": "<string>", | |
| "grantTypes": [ | |
| "AUTHORIZATION_CODE", | |
| "ACCESS_TOKEN_VALIDATION" | |
| ], | |
| "name": "<string>", | |
| "enabled": "<boolean>", | |
| "redirectUris": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "description": "<string>", | |
| "modificationDate": "<dateTime>", | |
| "creationDate": "<dateTime>", | |
| "logoUrl": "<string>", | |
| "defaultAccessTokenManagerRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "restrictToDefaultAccessTokenManager": "<boolean>", | |
| "validateUsingAllEligibleAtms": "<boolean>", | |
| "refreshRolling": "DONT_ROLL", | |
| "refreshTokenRollingIntervalType": "OVERRIDE_SERVER_DEFAULT", | |
| "refreshTokenRollingInterval": "<long>", | |
| "persistentGrantExpirationType": "OVERRIDE_SERVER_DEFAULT", | |
| "persistentGrantExpirationTime": "<long>", | |
| "persistentGrantExpirationTimeUnit": "HOURS", | |
| "persistentGrantIdleTimeoutType": "SERVER_DEFAULT", | |
| "persistentGrantIdleTimeout": "<long>", | |
| "persistentGrantIdleTimeoutTimeUnit": "MINUTES", | |
| "persistentGrantReuseType": "SERVER_DEFAULT", | |
| "persistentGrantReuseGrantTypes": [ | |
| "DEVICE_CODE", | |
| "RESOURCE_OWNER_CREDENTIALS" | |
| ], | |
| "allowAuthenticationApiInit": "<boolean>", | |
| "bypassApprovalPage": "<boolean>", | |
| "restrictScopes": "<boolean>", | |
| "restrictedScopes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "exclusiveScopes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "authorizationDetailTypes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "restrictedResponseTypes": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "requirePushedAuthorizationRequests": "<boolean>", | |
| "requireJwtSecuredAuthorizationResponseMode": "<boolean>", | |
| "requireSignedRequests": "<boolean>", | |
| "requestObjectSigningAlgorithm": "ES512", | |
| "oidcPolicy": { | |
| "idTokenSigningAlgorithm": "RS384", | |
| "idTokenEncryptionAlgorithm": "A128GCMKW", | |
| "idTokenContentEncryptionAlgorithm": "AES_256_CBC_HMAC_SHA_512", | |
| "policyGroup": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "grantAccessSessionRevocationApi": "<boolean>", | |
| "grantAccessSessionSessionManagementApi": "<boolean>", | |
| "PingFederateLogoutCapable": "<boolean>", | |
| "logoutUris": [ | |
| "<string>", | |
| "<string>" | |
| ], | |
| "pairwiseIdentifierUserType": "<boolean>", | |
| "sectorIdentifierUri": "<string>" | |
| }, | |
| "clientAuth": { | |
| "type": "PRIVATE_KEY_JWT", | |
| "secret": "<sdfgdfgdfgtring>7", | |
| "encryptedSecret": "encryptedSecret%%$RRRRR", | |
| "secondarySecrets": [ | |
| { | |
| "secret": "crazuse'd-03240923-42394", | |
| "encryptedSecret": "exa@#$@#49psd8fd8sfsfmple2", | |
| "expiryTime": "<dateTime>" | |
| }, | |
| { | |
| "secret": "crasd64$%%dfdsfzuse'd-03240923-42394", | |
| "encryptedSecret": "e0)%xa@#$@#49psd8fd8sfsfmple2", | |
| "expiryTime": "<dateTime>" | |
| } | |
| ], | |
| "clientCertIssuerDn": "<string>", | |
| "clientCertSubjectDn": "<string>", | |
| "enforceReplayPrevention": "<boolean>", | |
| "tokenEndpointAuthSigningAlgorithm": "RS384" | |
| }, | |
| "jwksSettings": { | |
| "jwksUrl": "<string>", | |
| "jwks": "<string>" | |
| }, | |
| "extendedParameters": { | |
| "Excepteur__": { | |
| "values": [ | |
| "<string>", | |
| "<string>" | |
| ] | |
| }, | |
| "ullamco_9": { | |
| "values": [ | |
| "<string>", | |
| "<string>" | |
| ] | |
| }, | |
| "deserunt_f3": { | |
| "values": [ | |
| "<string>", | |
| "<string>" | |
| ] | |
| }, | |
| "in_0b": { | |
| "values": [ | |
| "<string>", | |
| "<string>" | |
| ] | |
| } | |
| }, | |
| "deviceFlowSettingType": "SERVER_DEFAULT", | |
| "userAuthorizationUrlOverride": "<string>", | |
| "pendingAuthorizationTimeoutOverride": "<integer>", | |
| "devicePollingIntervalOverride": "<integer>", | |
| "bypassActivationCodeConfirmationOverride": "<boolean>", | |
| "requireProofKeyForCodeExchange": "<boolean>", | |
| "cibaDeliveryMode": "PING", | |
| "cibaNotificationEndpoint": "<string>", | |
| "cibaPollingInterval": "<integer>", | |
| "cibaRequireSignedRequests": "<boolean>", | |
| "cibaRequestObjectSigningAlgorithm": "PS384", | |
| "cibaUserCodeSupported": "<boolean>", | |
| "requestPolicyRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "tokenExchangeProcessorPolicyRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "refreshTokenRollingGracePeriodType": "OVERRIDE_SERVER_DEFAULT", | |
| "refreshTokenRollingGracePeriod": "<integer>", | |
| "clientSecretRetentionPeriodType": "SERVER_DEFAULT", | |
| "clientSecretRetentionPeriod": "<integer>", | |
| "clientSecretChangedTime": "<dateTime>", | |
| "tokenIntrospectionSigningAlgorithm": "PS384", | |
| "tokenIntrospectionEncryptionAlgorithm": "A192KW", | |
| "tokenIntrospectionContentEncryptionAlgorithm": "AES_256_GCM", | |
| "jwtSecuredAuthorizationResponseModeSigningAlgorithm": "PS256", | |
| "jwtSecuredAuthorizationResponseModeEncryptionAlgorithm": "A128GCMKW", | |
| "jwtSecuredAuthorizationResponseModeContentEncryptionAlgorithm": "AES_192_CBC_HMAC_SHA_384" | |
| } | |
| ] | |
| } | |
| passwordCredentialValidators = { | |
| "configuration": { | |
| "tables": [ | |
| { | |
| "name": "<string>", | |
| "rows": [ | |
| { | |
| "fields": [ | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake1", | |
| "inherited": "<boolean>" | |
| }, | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake2", | |
| "inherited": "<boolean>" | |
| } | |
| ], | |
| "defaultRow": "<boolean>" | |
| }, | |
| { | |
| "fields": [ | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake3", | |
| "inherited": "<boolean>" | |
| }, | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake33", | |
| "inherited": "<boolean>" | |
| } | |
| ], | |
| "defaultRow": "<boolean>" | |
| } | |
| ], | |
| "inherited": "<boolean>" | |
| }, | |
| { | |
| "name": "<string>", | |
| "rows": [ | |
| { | |
| "fields": [ | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake334", | |
| "inherited": "<boolean>" | |
| }, | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake4", | |
| "inherited": "<boolean>" | |
| } | |
| ], | |
| "defaultRow": "<boolean>" | |
| }, | |
| { | |
| "fields": [ | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake24", | |
| "inherited": "<boolean>" | |
| }, | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake2124", | |
| "inherited": "<boolean>" | |
| } | |
| ], | |
| "defaultRow": "<boolean>" | |
| } | |
| ], | |
| "inherited": "<boolean>" | |
| } | |
| ], | |
| "fields": [ | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake21234", | |
| "inherited": "<boolean>" | |
| }, | |
| { | |
| "name": "<string>", | |
| "value": "<string>", | |
| "encryptedValue": "fake21234444", | |
| "inherited": "<boolean>" | |
| } | |
| ] | |
| }, | |
| "id": "<string>", | |
| "name": "<string>", | |
| "pluginDescriptorRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "parentRef": { | |
| "id": "<string>", | |
| "location": "<string>" | |
| }, | |
| "attributeContract": { | |
| "coreAttributes": [ | |
| { | |
| "name": "<string>" | |
| }, | |
| { | |
| "name": "<string>" | |
| } | |
| ], | |
| "extendedAttributes": [ | |
| { | |
| "name": "<string>" | |
| }, | |
| { | |
| "name": "<string>" | |
| } | |
| ], | |
| "inherited": "<boolean>" | |
| } | |
| } | |
| def filter_confidential_data(msg): | |
| regex_pattern = r'\"(password|credentials|secret|encryptedSecret|encryptedValue)\":\s*(?:\"([^\"]*)\")' | |
| matchedReg = re.findall(regex_pattern, str(msg), flags=re.IGNORECASE) | |
| for mc in matchedReg: | |
| if len(mc) == 2 and len(mc[1]) > 0: | |
| print(f' - {mc[0]} : {mc[1]}') | |
| msg = msg.replace(mc[1], "*****") | |
| return msg | |
| # Press the green button in the gutter to run the script. | |
| if __name__ == '__main__': | |
| print("Message 1") | |
| print(f"Unfiltered message: {json.dumps(message)}") | |
| print(f"Filtered message: {filter_confidential_data(json.dumps(message))}") | |
| print("Message 2") | |
| print(f"Unfiltered message: {json.dumps(passwordCredentialValidators)}") | |
| print(f"Filtered message: {filter_confidential_data(json.dumps(passwordCredentialValidators))}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment