PyPI - elven-logs-interceptor-python - Versions diffs - 0.1.14__tar.gz → 0.1.16__tar.gz - Mend

elven-logs-interceptor-python 0.1.14tar.gz → 0.1.16tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

{elven_logs_interceptor_python-0.1.14 → elven_logs_interceptor_python-0.1.16}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: elven-logs-interceptor-python
-Version: 0.1.14
+Version: 0.1.16
 Summary: Production-grade logs interceptor for Python with Loki transport, resilience, batching, and framework integrations.
 Author: Elven Observability
 License: MIT
@@ -123,9 +123,12 @@ logging.getLogger(__name__).info(
 Supported aliases: `warning(...)`, `exception(...)` and `critical(...)`.
-Sensitive fields such as `cpf`, `password`, `token` and `authorization` are
-redacted by default. Set `LOGS_FILTER_SANITIZE=false` only when raw sensitive
-data is explicitly required and approved.
+Sensitive fields such as `cpf`, `cnpj`, `cpfCnpj`, `password`, `token` and `authorization` are
+redacted by default. In messages, the library redacts only the sensitive
+fragment/value and preserves the rest of the log. In structured context,
+sensitive keys redact the full value. Set `LOGS_FILTER_SANITIZE=false`,
+`LOGS_SANITIZE=false`, or `UO_LOGS_SANITIZE=false` only when raw sensitive data
+is explicitly required and approved.
 ## Environment Variables
@@ -139,10 +142,13 @@ Required for direct Loki mode:
 - `LOGS_APP_NAME`
 For collector-first mode, set `LOGS_EXPORTER=otlp` (or `collector`) and use
-`OTEL_EXPORTER_OTLP_LOGS_ENDPOINT`. In this mode `LOGS_URL`, `LOKI_URL`,
-`LOGS_TENANT` and `LOGS_TOKEN` are not required by the library. `LOGS_URL` is
-intentionally ignored in collector mode to avoid accidentally posting OTLP logs
-to a direct Loki `/loki/api/v1/push` endpoint. Put tenant or auth headers in
+`OTEL_EXPORTER_OTLP_LOGS_ENDPOINT`. If the explicit logs endpoint is missing,
+the library derives `/v1/logs` from `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT`,
+`OTEL_EXPORTER_OTLP_METRICS_ENDPOINT`, or `OTEL_EXPORTER_OTLP_ENDPOINT`.
+In this mode `LOGS_URL`, `LOKI_URL`, `LOGS_TENANT` and `LOGS_TOKEN` are not
+required by the library. `LOGS_URL` is intentionally ignored in collector mode
+to avoid accidentally posting OTLP logs to a direct Loki `/loki/api/v1/push`
+endpoint. Put tenant or auth headers in
 `OTEL_EXPORTER_OTLP_HEADERS`/`LOGS_OTLP_HEADERS` if your collector gateway
 requires them.
@@ -182,7 +188,7 @@ Filter:
 - `LOGS_FILTER_LEVELS`
 - `LOGS_FILTER_SAMPLING_RATE`
-- `LOGS_FILTER_SANITIZE`
+- `LOGS_FILTER_SANITIZE` (aliases: `LOGS_SANITIZE`, `UO_LOGS_SANITIZE`)
 - `LOGS_FILTER_MAX_MESSAGE_LENGTH`
 - `LOGS_FILTER_EXCLUDE_LOGGER_PREFIXES` (comma-separated)

{elven_logs_interceptor_python-0.1.14 → elven_logs_interceptor_python-0.1.16}/README.md RENAMED Viewed

@@ -62,9 +62,12 @@ logging.getLogger(__name__).info(
 Supported aliases: `warning(...)`, `exception(...)` and `critical(...)`.
-Sensitive fields such as `cpf`, `password`, `token` and `authorization` are
-redacted by default. Set `LOGS_FILTER_SANITIZE=false` only when raw sensitive
-data is explicitly required and approved.
+Sensitive fields such as `cpf`, `cnpj`, `cpfCnpj`, `password`, `token` and `authorization` are
+redacted by default. In messages, the library redacts only the sensitive
+fragment/value and preserves the rest of the log. In structured context,
+sensitive keys redact the full value. Set `LOGS_FILTER_SANITIZE=false`,
+`LOGS_SANITIZE=false`, or `UO_LOGS_SANITIZE=false` only when raw sensitive data
+is explicitly required and approved.
 ## Environment Variables
@@ -78,10 +81,13 @@ Required for direct Loki mode:
 - `LOGS_APP_NAME`
 For collector-first mode, set `LOGS_EXPORTER=otlp` (or `collector`) and use
-`OTEL_EXPORTER_OTLP_LOGS_ENDPOINT`. In this mode `LOGS_URL`, `LOKI_URL`,
-`LOGS_TENANT` and `LOGS_TOKEN` are not required by the library. `LOGS_URL` is
-intentionally ignored in collector mode to avoid accidentally posting OTLP logs
-to a direct Loki `/loki/api/v1/push` endpoint. Put tenant or auth headers in
+`OTEL_EXPORTER_OTLP_LOGS_ENDPOINT`. If the explicit logs endpoint is missing,
+the library derives `/v1/logs` from `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT`,
+`OTEL_EXPORTER_OTLP_METRICS_ENDPOINT`, or `OTEL_EXPORTER_OTLP_ENDPOINT`.
+In this mode `LOGS_URL`, `LOKI_URL`, `LOGS_TENANT` and `LOGS_TOKEN` are not
+required by the library. `LOGS_URL` is intentionally ignored in collector mode
+to avoid accidentally posting OTLP logs to a direct Loki `/loki/api/v1/push`
+endpoint. Put tenant or auth headers in
 `OTEL_EXPORTER_OTLP_HEADERS`/`LOGS_OTLP_HEADERS` if your collector gateway
 requires them.
@@ -121,7 +127,7 @@ Filter:
 - `LOGS_FILTER_LEVELS`
 - `LOGS_FILTER_SAMPLING_RATE`
-- `LOGS_FILTER_SANITIZE`
+- `LOGS_FILTER_SANITIZE` (aliases: `LOGS_SANITIZE`, `UO_LOGS_SANITIZE`)
 - `LOGS_FILTER_MAX_MESSAGE_LENGTH`
 - `LOGS_FILTER_EXCLUDE_LOGGER_PREFIXES` (comma-separated)

{elven_logs_interceptor_python-0.1.14 → elven_logs_interceptor_python-0.1.16}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "elven-logs-interceptor-python"
-version = "0.1.14"
+version = "0.1.16"
 description = "Production-grade logs interceptor for Python with Loki transport, resilience, batching, and framework integrations."
 readme = "README.md"
 requires-python = ">=3.10"

{elven_logs_interceptor_python-0.1.14 → elven_logs_interceptor_python-0.1.16}/src/logs_interceptor/application/config_service.py RENAMED Viewed

@@ -30,6 +30,8 @@ DEFAULT_SENSITIVE_PATTERNS = [
     r"authorization",
     r"credit[_-]?card",
     r"ssn",
+    r"cpf[_-]?cnpj",
+    r"cnpj",
     r"cpf",
 ]

{elven_logs_interceptor_python-0.1.14 → elven_logs_interceptor_python-0.1.16}/src/logs_interceptor/infrastructure/filter/log_filter.py RENAMED Viewed

@@ -5,7 +5,7 @@ import re
 from ...config import ResolvedFilterConfig
 from ...domain.entities import LogEntryEntity
 from ...types import LogLevel
-from ...utils import detect_sensitive_data, sanitize_data, should_sample
+from ...utils import redact_sensitive_text, sanitize_data, should_sample
 class LogFilter:
@@ -35,8 +35,8 @@ class LogFilter:
         if self._config.sanitize and context is not None:
             context = sanitize_data(context, self._config.sensitive_patterns)
-        if self._config.sanitize and detect_sensitive_data(message, self._config.sensitive_patterns):
-            message = "[REDACTED]"
+        if self._config.sanitize:
+            message = redact_sensitive_text(message, self._config.sensitive_patterns)
         return LogEntryEntity(
             id=entry.id,

{elven_logs_interceptor_python-0.1.14 → elven_logs_interceptor_python-0.1.16}/src/logs_interceptor/utils.py RENAMED Viewed

@@ -392,6 +392,87 @@ def detect_sensitive_data(text: str, patterns: Iterable[str]) -> bool:
     return any(pattern.search(text) for pattern in common_patterns)
+def redact_sensitive_text(text: str, sensitive_patterns: Iterable[str]) -> str:
+    """Redact sensitive values while preserving the surrounding log message."""
+    patterns = list(sensitive_patterns)
+    redacted = text
+    for pattern in patterns:
+        redacted = _redact_key_value_pattern(redacted, pattern)
+    common_replacements: tuple[tuple[re.Pattern[str], str], ...] = (
+        (
+            re.compile(r"(Bearer)\s+[A-Za-z0-9\-._~+/=]+", re.IGNORECASE),
+            r"\1 [REDACTED]",
+        ),
+        (
+            re.compile(r"(Basic)\s+[A-Za-z0-9+/=]+", re.IGNORECASE),
+            r"\1 [REDACTED]",
+        ),
+        (
+            re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
+            "[REDACTED]",
+        ),
+        (
+            re.compile(r"\b(?:\d{4}[-\s]?){3}\d{4}\b"),
+            "[REDACTED]",
+        ),
+        (
+            re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
+            "[REDACTED]",
+        ),
+        (
+            re.compile(r"\b\d{3}\.\d{3}\.\d{3}-\d{2}\b"),
+            "[REDACTED]",
+        ),
+    )
+    for common_pattern, replacement in common_replacements:
+        redacted = common_pattern.sub(replacement, redacted)
+    for pattern in patterns:
+        if _looks_like_value_pattern(pattern):
+            redacted = re.sub(pattern, "[REDACTED]", redacted, flags=re.IGNORECASE)
+    return redacted
+def _redact_key_value_pattern(text: str, key_pattern: str) -> str:
+    quoted = re.compile(
+        rf"(?P<prefix>(?:[\"']?{key_pattern}[\"']?)\s*[:=]\s*)(?P<quote>[\"'])(?P<value>.*?)(?P=quote)",
+        re.IGNORECASE,
+    )
+    redacted = quoted.sub(r"\g<prefix>\g<quote>[REDACTED]\g<quote>", text)
+    unquoted = re.compile(
+        rf"(?P<prefix>(?:[\"']?{key_pattern}[\"']?)\s*[:=]\s*)(?P<value>[^\s,;&}}\]\"']+)",
+        re.IGNORECASE,
+    )
+    def _replace_unquoted(match: re.Match[str]) -> str:
+        value = match.group("value")
+        if value.lower() in {"bearer", "basic"} or value == "[REDACTED]":
+            return match.group(0)
+        return f"{match.group('prefix')}[REDACTED]"
+    redacted = unquoted.sub(_replace_unquoted, redacted)
+    query = re.compile(
+        rf"(?P<prefix>[?&](?:{key_pattern})=)(?P<value>[^&#\s]+)",
+        re.IGNORECASE,
+    )
+    return query.sub(r"\g<prefix>[REDACTED]", redacted)
+def _looks_like_value_pattern(pattern: str) -> bool:
+    # Plain words such as "token" and "password" are key indicators by default;
+    # redacting those words directly would destroy harmless messages like
+    # "Gerando token de acesso". Regex-looking patterns are treated as values.
+    keyish_terms = r"password|token|secret|api|key|authorization|credit|card|ssn|cpf|cnpj"
+    if re.search(keyish_terms, pattern, re.IGNORECASE):
+        return False
+    return bool(re.search(r"\\d|\[0-9|\{\d|[\^$]", pattern))
 def sanitize_data(
     data: dict[str, Any],
     sensitive_patterns: Iterable[str],
@@ -415,16 +496,14 @@ def sanitize_data(
             continue
         if isinstance(value, str):
-            sanitized[key] = "[REDACTED]" if detect_sensitive_data(value, sensitive_patterns) else value
+            sanitized[key] = redact_sensitive_text(value, sensitive_patterns)
             continue
         if isinstance(value, list):
             transformed: list[Any] = []
             for item in value:
                 if isinstance(item, str):
-                    transformed.append(
-                        "[REDACTED]" if detect_sensitive_data(item, sensitive_patterns) else item
-                    )
+                    transformed.append(redact_sensitive_text(item, sensitive_patterns))
                 elif isinstance(item, dict):
                     transformed.append(sanitize_data(item, sensitive_patterns, seen))
                 else:
@@ -619,7 +698,12 @@ def load_config_from_env() -> LogsInterceptorConfig:
         filter=FilterConfig(
             levels=_env_levels(env.get("LOGS_FILTER_LEVELS")),
             sampling_rate=parse_float_range(env.get("LOGS_FILTER_SAMPLING_RATE"), 1.0, 0.0, 1.0),
-            sanitize=parse_bool(env.get("LOGS_FILTER_SANITIZE"), True),
+            sanitize=parse_bool(
+                env.get("LOGS_FILTER_SANITIZE")
+                or env.get("LOGS_SANITIZE")
+                or env.get("UO_LOGS_SANITIZE"),
+                True,
+            ),
             max_message_length=parse_int_range(
                 env.get("LOGS_FILTER_MAX_MESSAGE_LENGTH"), 8192, 64, 1_000_000
             ),