PyPI - python-log-redactor - Versions diffs - 0.1.0__tar.gz - Mend

python-log-redactor 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

python_log_redactor-0.1.0/.gitignore +13 -0
python_log_redactor-0.1.0/LICENSE +21 -0
python_log_redactor-0.1.0/PKG-INFO +117 -0
python_log_redactor-0.1.0/README.md +94 -0
python_log_redactor-0.1.0/log_redactor/__init__.py +6 -0
python_log_redactor-0.1.0/log_redactor/core.py +238 -0
python_log_redactor-0.1.0/log_redactor/logging_filter.py +93 -0
python_log_redactor-0.1.0/log_redactor/patterns.py +30 -0
python_log_redactor-0.1.0/pyproject.toml +52 -0
python_log_redactor-0.1.0/tests/test_core.py +47 -0
python_log_redactor-0.1.0/tests/test_logging_filter.py +56 -0

python_log_redactor-0.1.0/.gitignore ADDED Viewed

@@ -0,0 +1,13 @@
+.venv/
+__pycache__/
+*.py[cod]
+*.egg-info/
+.pytest_cache/
+.ruff_cache/
+.coverage
+coverage.xml
+dist/
+build/
+.DS_Store
+.idea/
+.vscode/

python_log_redactor-0.1.0/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 log-redactor contributors
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

python_log_redactor-0.1.0/PKG-INFO ADDED Viewed

@@ -0,0 +1,117 @@
+Metadata-Version: 2.4
+Name: python-log-redactor
+Version: 0.1.0
+Summary: Lightweight sensitive data redaction for accidental printing of sensitive Python strings, dicts, and logs.
+Project-URL: Homepage, https://github.com/morgan-young/python-log-redactor
+Author: Morgan Young
+License: MIT
+License-File: LICENSE
+Keywords: logging,privacy,redaction,security
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+# log-redactor
+[![CI](https://github.com/morgan-young/log-redactor/actions/workflows/ci.yml/badge.svg)](https://github.com/morgan-young/log-redactor/actions/workflows/ci.yml)
+[![PyPI](https://img.shields.io/pypi/v/python-log-redactor.svg)](https://pypi.org/project/python-log-redactor/)
+[![Python](https://img.shields.io/pypi/pyversions/python-log-redactor.svg)](https://pypi.org/project/python-log-redactor/)
+[![License](https://img.shields.io/pypi/l/python-log-redactor.svg)](https://github.com/morgan-young/log-redactor/blob/main/LICENSE)
+Small, dependency-free redaction helpers for Python logs and payloads.
+`log-redactor` helps prevent accidental exposure of secrets in log messages, strings, and nested dictionaries.
+## Why use it?
+- Redacts by **key name** and **regex pattern value matching**
+- Supports nested `dict` / `list` / `tuple` structures
+- Works with standard library `logging` and `%s`-style args
+- Keeps runtime dependencies at zero (stdlib only)
+## Installation
+```bash
+pip install python-log-redactor
+```
+## Quick start
+```python
+import logging
+from log_redactor import RedactingFilter, redact, redact_dict
+logger = logging.getLogger("app")
+logger.setLevel(logging.INFO)
+logger.addFilter(RedactingFilter(patterns=["email", "jwt", "api_key"]))
+logger.info("User %s used key %s", "alice@example.com", "sk-live-abc123")
+print(redact("Contact: dev@example.com"))
+payload = {
+    "username": "alice",
+    "password": "super-secret",
+    "profile": {"email": "alice@example.com"},
+}
+print(redact_dict(payload))
+```
+## API
+```python
+from log_redactor import RedactingFilter, redact, redact_dict
+```
+- `redact(text: str, patterns=None, custom_patterns=None, replacement="[REDACTED]") -> str`
+- `redact_dict(data: dict, keys=None, patterns=None, custom_patterns=None, replacement="[REDACTED]") -> dict`
+- `RedactingFilter(logging.Filter)`
+## Built-in patterns
+- `email`
+- `ipv4`
+- `jwt`
+- `bearer_token`
+- `api_key`
+- `url_token`
+- `credit_card_basic`
+## Built-in sensitive keys
+- `password`
+- `passwd`
+- `secret`
+- `token`
+- `access_token`
+- `refresh_token`
+- `api_key`
+- `authorization`
+## Development
+```bash
+python3 -m venv .venv
+. .venv/bin/activate
+pip install -e . pytest ruff
+pytest
+ruff check .
+```
+## Security note
+This package is intended to reduce accidental leakage, not guarantee perfect anonymization.
+Always validate your own threat model and pattern coverage for production systems.
+## License
+MIT

python_log_redactor-0.1.0/README.md ADDED Viewed

@@ -0,0 +1,94 @@
+# log-redactor
+[![CI](https://github.com/morgan-young/log-redactor/actions/workflows/ci.yml/badge.svg)](https://github.com/morgan-young/log-redactor/actions/workflows/ci.yml)
+[![PyPI](https://img.shields.io/pypi/v/python-log-redactor.svg)](https://pypi.org/project/python-log-redactor/)
+[![Python](https://img.shields.io/pypi/pyversions/python-log-redactor.svg)](https://pypi.org/project/python-log-redactor/)
+[![License](https://img.shields.io/pypi/l/python-log-redactor.svg)](https://github.com/morgan-young/log-redactor/blob/main/LICENSE)
+Small, dependency-free redaction helpers for Python logs and payloads.
+`log-redactor` helps prevent accidental exposure of secrets in log messages, strings, and nested dictionaries.
+## Why use it?
+- Redacts by **key name** and **regex pattern value matching**
+- Supports nested `dict` / `list` / `tuple` structures
+- Works with standard library `logging` and `%s`-style args
+- Keeps runtime dependencies at zero (stdlib only)
+## Installation
+```bash
+pip install python-log-redactor
+```
+## Quick start
+```python
+import logging
+from log_redactor import RedactingFilter, redact, redact_dict
+logger = logging.getLogger("app")
+logger.setLevel(logging.INFO)
+logger.addFilter(RedactingFilter(patterns=["email", "jwt", "api_key"]))
+logger.info("User %s used key %s", "alice@example.com", "sk-live-abc123")
+print(redact("Contact: dev@example.com"))
+payload = {
+    "username": "alice",
+    "password": "super-secret",
+    "profile": {"email": "alice@example.com"},
+}
+print(redact_dict(payload))
+```
+## API
+```python
+from log_redactor import RedactingFilter, redact, redact_dict
+```
+- `redact(text: str, patterns=None, custom_patterns=None, replacement="[REDACTED]") -> str`
+- `redact_dict(data: dict, keys=None, patterns=None, custom_patterns=None, replacement="[REDACTED]") -> dict`
+- `RedactingFilter(logging.Filter)`
+## Built-in patterns
+- `email`
+- `ipv4`
+- `jwt`
+- `bearer_token`
+- `api_key`
+- `url_token`
+- `credit_card_basic`
+## Built-in sensitive keys
+- `password`
+- `passwd`
+- `secret`
+- `token`
+- `access_token`
+- `refresh_token`
+- `api_key`
+- `authorization`
+## Development
+```bash
+python3 -m venv .venv
+. .venv/bin/activate
+pip install -e . pytest ruff
+pytest
+ruff check .
+```
+## Security note
+This package is intended to reduce accidental leakage, not guarantee perfect anonymization.
+Always validate your own threat model and pattern coverage for production systems.
+## License
+MIT

python_log_redactor-0.1.0/log_redactor/__init__.py ADDED Viewed

@@ -0,0 +1,6 @@
+"""Public API for log_redactor."""
+from .core import redact, redact_dict
+from .logging_filter import RedactingFilter
+__all__ = ["redact", "redact_dict", "RedactingFilter"]

python_log_redactor-0.1.0/log_redactor/core.py ADDED Viewed

@@ -0,0 +1,238 @@
+"""Core string and dictionary redaction helpers."""
+from __future__ import annotations
+import re
+from collections.abc import Iterable, Mapping
+from typing import Any
+from .patterns import BUILTIN_PATTERNS, BUILTIN_SENSITIVE_KEYS
+RegexLike = str | re.Pattern[str]
+def _build_patterns(
+    patterns: Iterable[str] | None = None,
+    custom_patterns: Iterable[RegexLike] | None = None,
+) -> tuple[re.Pattern[str], ...]:
+    """Resolve built-in and custom patterns into compiled regex objects.
+    :param patterns:
+        Iterable of built-in pattern names to enable. If ``None``, all built-ins
+        are used.
+    :param custom_patterns:
+        Additional regex patterns provided as pattern strings or pre-compiled
+        :class:`re.Pattern` instances.
+    :returns:
+        Tuple of compiled regex patterns in application order.
+    :raises ValueError:
+        If ``patterns`` contains an unknown built-in pattern name.
+    """
+    if patterns is None:
+        compiled = list(BUILTIN_PATTERNS.values())
+    else:
+        compiled = []
+        for name in patterns:
+            try:
+                compiled.append(BUILTIN_PATTERNS[name])
+            except KeyError as error:
+                message = f"Unknown built-in pattern: {name!r}"
+                raise ValueError(message) from error
+    if custom_patterns:
+        for pattern in custom_patterns:
+            if isinstance(pattern, re.Pattern):
+                compiled.append(pattern)
+            else:
+                compiled.append(re.compile(pattern))
+    return tuple(compiled)
+def _normalize_sensitive_keys(keys: Iterable[str] | None = None) -> set[str]:
+    """Normalize sensitive key names for case-insensitive comparison.
+    :param keys:
+        Optional iterable of key names to treat as sensitive. If ``None``, the
+        default built-in key set is used.
+    :returns:
+        Lower-cased key names used during dictionary redaction.
+    """
+    if keys is None:
+        return set(BUILTIN_SENSITIVE_KEYS)
+    return {key.lower() for key in keys}
+def _redact_text_with_patterns(
+    text: str,
+    compiled_patterns: tuple[re.Pattern[str], ...],
+    replacement: str,
+) -> str:
+    """Apply compiled redaction patterns to a string.
+    :param text:
+        Input text to scan for sensitive values.
+    :param compiled_patterns:
+        Compiled regex objects used for substitutions.
+    :param replacement:
+        Replacement text inserted for matched sensitive values.
+    :returns:
+        Redacted string with all configured patterns applied.
+    """
+    redacted = text
+    for pattern in compiled_patterns:
+        if pattern.pattern == BUILTIN_PATTERNS["url_token"].pattern:
+            redacted = pattern.sub(rf"\1{replacement}", redacted)
+        else:
+            redacted = pattern.sub(replacement, redacted)
+    return redacted
+def _redact_value(
+    value: Any,
+    *,
+    compiled_patterns: tuple[re.Pattern[str], ...],
+    sensitive_keys: set[str],
+    replacement: str,
+    key_context: str | None = None,
+) -> Any:
+    """Recursively redact a value based on key sensitivity and regex matches.
+    :param value:
+        Value to process. Supports nested mappings, lists, tuples, and strings.
+    :param compiled_patterns:
+        Compiled regex objects used to redact string values.
+    :param sensitive_keys:
+        Lower-cased key names that force full-value redaction.
+    :param replacement:
+        Replacement text inserted when data is redacted.
+    :param key_context:
+        Current key name for ``value`` when traversing mappings.
+    :returns:
+        A redacted copy of ``value`` while preserving container types.
+    """
+    if key_context and key_context.lower() in sensitive_keys:
+        return replacement
+    if isinstance(value, str):
+        return _redact_text_with_patterns(value, compiled_patterns, replacement)
+    if isinstance(value, Mapping):
+        return {
+            key: _redact_value(
+                nested_value,
+                compiled_patterns=compiled_patterns,
+                sensitive_keys=sensitive_keys,
+                replacement=replacement,
+                key_context=key if isinstance(key, str) else None,
+            )
+            for key, nested_value in value.items()
+        }
+    if isinstance(value, list):
+        return [
+            _redact_value(
+                item,
+                compiled_patterns=compiled_patterns,
+                sensitive_keys=sensitive_keys,
+                replacement=replacement,
+            )
+            for item in value
+        ]
+    if isinstance(value, tuple):
+        return tuple(
+            _redact_value(
+                item,
+                compiled_patterns=compiled_patterns,
+                sensitive_keys=sensitive_keys,
+                replacement=replacement,
+            )
+            for item in value
+        )
+    return value
+def redact(
+    text: str,
+    patterns: Iterable[str] | None = None,
+    custom_patterns: Iterable[RegexLike] | None = None,
+    replacement: str = "[REDACTED]",
+) -> str:
+    """Redact sensitive values from a string.
+    :param text:
+        Text to redact.
+    :param patterns:
+        Optional built-in pattern names to apply. If ``None``, all built-in
+        patterns are used.
+    :param custom_patterns:
+        Optional custom regex patterns as strings or compiled
+        :class:`re.Pattern` objects.
+    :param replacement:
+        Text used to replace matched sensitive values.
+    :returns:
+        Redacted text.
+    :raises TypeError:
+        If ``text`` is not a string.
+    :raises ValueError:
+        If ``patterns`` contains an unknown built-in pattern name.
+    """
+    if not isinstance(text, str):
+        message = "text must be a string"
+        raise TypeError(message)
+    compiled_patterns = _build_patterns(patterns, custom_patterns)
+    return _redact_text_with_patterns(text, compiled_patterns, replacement)
+def redact_dict(
+    data: dict[Any, Any],
+    keys: Iterable[str] | None = None,
+    patterns: Iterable[str] | None = None,
+    custom_patterns: Iterable[RegexLike] | None = None,
+    replacement: str = "[REDACTED]",
+) -> dict[Any, Any]:
+    """Return a recursively redacted copy of a dictionary.
+    Redaction is applied by sensitive key name and by configured regex patterns
+    for string values. Input data is never mutated.
+    :param data:
+        Dictionary to redact.
+    :param keys:
+        Optional sensitive key names. If ``None``, built-in sensitive keys are
+        used.
+    :param patterns:
+        Optional built-in pattern names to apply. If ``None``, all built-in
+        patterns are used.
+    :param custom_patterns:
+        Optional custom regex patterns as strings or compiled
+        :class:`re.Pattern` objects.
+    :param replacement:
+        Text used to replace redacted values.
+    :returns:
+        New dictionary with redacted values.
+    :raises TypeError:
+        If ``data`` is not a dictionary.
+    :raises ValueError:
+        If ``patterns`` contains an unknown built-in pattern name.
+    """
+    if not isinstance(data, dict):
+        message = "data must be a dictionary"
+        raise TypeError(message)
+    compiled_patterns = _build_patterns(patterns, custom_patterns)
+    sensitive_keys = _normalize_sensitive_keys(keys)
+    return {
+        key: _redact_value(
+            value,
+            compiled_patterns=compiled_patterns,
+            sensitive_keys=sensitive_keys,
+            replacement=replacement,
+            key_context=key if isinstance(key, str) else None,
+        )
+        for key, value in data.items()
+    }

python_log_redactor-0.1.0/log_redactor/logging_filter.py ADDED Viewed

@@ -0,0 +1,93 @@
+"""Logging filter that redacts sensitive values in log records."""
+from __future__ import annotations
+import logging
+from collections.abc import Iterable
+from typing import Any
+from .core import RegexLike, _build_patterns, _normalize_sensitive_keys, _redact_value
+class RedactingFilter(logging.Filter):
+    """A logging filter that redacts sensitive values before emission.
+    :param name:
+        Filter name passed to :class:`logging.Filter`.
+    :param keys:
+        Optional sensitive key names. If ``None``, built-in sensitive keys are
+        used.
+    :param patterns:
+        Optional built-in pattern names to apply. If ``None``, all built-in
+        patterns are used.
+    :param custom_patterns:
+        Optional custom regex patterns as strings or compiled regex objects.
+    :param replacement:
+        Text used to replace redacted values.
+    :raises ValueError:
+        If ``patterns`` contains an unknown built-in pattern name.
+    """
+    def __init__(
+        self,
+        name: str = "",
+        *,
+        keys: Iterable[str] | None = None,
+        patterns: Iterable[str] | None = None,
+        custom_patterns: Iterable[RegexLike] | None = None,
+        replacement: str = "[REDACTED]",
+    ) -> None:
+        """Initialize filter configuration for key and pattern redaction.
+        :param name:
+            Filter name passed to :class:`logging.Filter`.
+        :param keys:
+            Optional sensitive key names.
+        :param patterns:
+            Optional built-in pattern names to apply.
+        :param custom_patterns:
+            Optional custom regex patterns as strings or compiled regex objects.
+        :param replacement:
+            Text used to replace redacted values.
+        :raises ValueError:
+            If ``patterns`` contains an unknown built-in pattern name.
+        """
+        super().__init__(name)
+        self._replacement = replacement
+        self._compiled_patterns = _build_patterns(patterns, custom_patterns)
+        self._sensitive_keys = _normalize_sensitive_keys(keys)
+    def _redact_any(self, value: Any) -> Any:
+        """Redact an arbitrary object using configured keys and patterns.
+        :param value:
+            Value to redact.
+        :returns:
+            Redacted value with container structure preserved.
+        """
+        return _redact_value(
+            value,
+            compiled_patterns=self._compiled_patterns,
+            sensitive_keys=self._sensitive_keys,
+            replacement=self._replacement,
+        )
+    def filter(self, record: logging.LogRecord) -> bool:
+        """Redact message content on a log record.
+        This method updates ``record.msg`` and ``record.args`` in place so that
+        standard ``%s`` logging formatting emits redacted values.
+        :param record:
+            Log record to redact.
+        :returns:
+            Always ``True`` so logging continues after redaction.
+        """
+        record.msg = self._redact_any(record.msg)
+        if isinstance(record.args, tuple):
+            record.args = tuple(self._redact_any(item) for item in record.args)
+        elif isinstance(record.args, dict):
+            record.args = self._redact_any(record.args)
+        elif record.args:
+            record.args = self._redact_any(record.args)
+        return True

python_log_redactor-0.1.0/log_redactor/patterns.py ADDED Viewed

@@ -0,0 +1,30 @@
+"""Built-in patterns and key configuration for redaction."""
+from __future__ import annotations
+import re
+BUILTIN_PATTERN_SOURCES: dict[str, str] = {
+    "email": r"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b",
+    "ipv4": r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b",
+    "jwt": r"\b[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b",
+    "bearer_token": r"\bBearer\s+[A-Za-z0-9\-._~+/]+=*\b",
+    "api_key": r"\b(?:sk-(?:live|test)-[A-Za-z0-9]+|AKIA[0-9A-Z]{16}|AIza[A-Za-z0-9_-]{35})\b",
+    "url_token": r"([?&](?:token|access_token|refresh_token|api_key|key)=)[^&\s]+",
+    "credit_card_basic": r"\b(?:\d[ -]*?){13,19}\b",
+}
+BUILTIN_PATTERNS: dict[str, re.Pattern[str]] = {
+    name: re.compile(source) for name, source in BUILTIN_PATTERN_SOURCES.items()
+}
+BUILTIN_SENSITIVE_KEYS: set[str] = {
+    "password",
+    "passwd",
+    "secret",
+    "token",
+    "access_token",
+    "refresh_token",
+    "api_key",
+    "authorization",
+}

python_log_redactor-0.1.0/pyproject.toml ADDED Viewed

@@ -0,0 +1,52 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+[project]
+name = "python-log-redactor"
+version = "0.1.0"
+description = "Lightweight sensitive data redaction for accidental printing of sensitive Python strings, dicts, and logs."
+readme = "README.md"
+requires-python = ">=3.10"
+license = { text = "MIT" }
+authors = [{ name = "Morgan Young" }]
+keywords = ["logging", "security", "redaction", "privacy"]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Intended Audience :: Developers",
+  "License :: OSI Approved :: MIT License",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3 :: Only",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
+  "Programming Language :: Python :: 3.12",
+  "Programming Language :: Python :: 3.13",
+  "Programming Language :: Python :: 3.14",
+  "Topic :: Software Development :: Libraries :: Python Modules",
+]
+[project.urls]
+Homepage = "https://github.com/morgan-young/python-log-redactor"
+[tool.pytest.ini_options]
+addopts = "-q"
+testpaths = ["tests"]
+[tool.ruff]
+target-version = "py310"
+line-length = 100
+[tool.ruff.lint]
+select = ["E", "F", "I", "UP", "B"]
+[tool.hatch.build.targets.wheel]
+packages = ["log_redactor"]
+[tool.hatch.build.targets.sdist]
+include = [
+  "/log_redactor",
+  "/tests",
+  "/README.md",
+  "/LICENSE",
+  "/pyproject.toml",
+]

python_log_redactor-0.1.0/tests/test_core.py ADDED Viewed

@@ -0,0 +1,47 @@
+from __future__ import annotations
+from log_redactor import redact, redact_dict
+def test_redact_uses_selected_builtin_patterns() -> None:
+    text = "Email alice@example.com from 127.0.0.1"
+    redacted = redact(text, patterns=["email"])
+    assert "alice@example.com" not in redacted
+    assert "[REDACTED]" in redacted
+    assert "127.0.0.1" in redacted
+def test_redact_supports_custom_patterns() -> None:
+    text = "order id: internal-12345"
+    redacted = redact(text, patterns=[], custom_patterns=[r"internal-\d+"])
+    assert redacted == "order id: [REDACTED]"
+def test_redact_dict_is_recursive_and_non_mutating() -> None:
+    original = {
+        "user": "alice@example.com",
+        "password": "p@ssw0rd",
+        "nested": {
+            "token": "Bearer super-secret",
+            "list": ["hello", "bob@example.com"],
+            "tuple": ("api_key=abc123", 7),
+        },
+    }
+    redacted = redact_dict(original)
+    assert original["password"] == "p@ssw0rd"
+    assert redacted["password"] == "[REDACTED]"
+    assert redacted["user"] == "[REDACTED]"
+    assert redacted["nested"]["token"] == "[REDACTED]"
+    assert redacted["nested"]["list"][1] == "[REDACTED]"
+    assert redacted["nested"]["tuple"][1] == 7
+    assert redacted["nested"]["tuple"][0].startswith("api_key=")
+def test_redact_dict_preserves_non_string_values_unless_key_sensitive() -> None:
+    data = {"count": 3, "active": True, "api_key": 9999}
+    redacted = redact_dict(data)
+    assert redacted["count"] == 3
+    assert redacted["active"] is True
+    assert redacted["api_key"] == "[REDACTED]"

python_log_redactor-0.1.0/tests/test_logging_filter.py ADDED Viewed

@@ -0,0 +1,56 @@
+from __future__ import annotations
+import io
+import logging
+from log_redactor import RedactingFilter
+def _build_test_logger() -> tuple[logging.Logger, io.StringIO, logging.Handler]:
+    logger = logging.getLogger("log_redactor_test_logger")
+    logger.handlers.clear()
+    logger.filters.clear()
+    logger.setLevel(logging.INFO)
+    logger.propagate = False
+    stream = io.StringIO()
+    handler = logging.StreamHandler(stream)
+    handler.setFormatter(logging.Formatter("%(message)s"))
+    logger.addHandler(handler)
+    return logger, stream, handler
+def test_filter_redacts_percent_style_args() -> None:
+    logger, stream, handler = _build_test_logger()
+    logger.addFilter(RedactingFilter(patterns=["email", "api_key"]))
+    logger.info("User %s used key %s", "alice@example.com", "sk-live-abc123")
+    output = stream.getvalue()
+    logger.removeHandler(handler)
+    logger.handlers.clear()
+    logger.filters.clear()
+    assert "alice@example.com" not in output
+    assert "sk-live-abc123" not in output
+    assert output.count("[REDACTED]") >= 2
+def test_filter_redacts_mapping_and_nested_values() -> None:
+    logger, stream, handler = _build_test_logger()
+    logger.addFilter(RedactingFilter(patterns=["email"]))
+    logger.info(
+        "payload=%s",
+        {"password": "letmein", "meta": {"email": "bob@example.com"}, "count": 2},
+    )
+    output = stream.getvalue()
+    logger.removeHandler(handler)
+    logger.handlers.clear()
+    logger.filters.clear()
+    assert "letmein" not in output
+    assert "bob@example.com" not in output
+    assert output.count("[REDACTED]") >= 2
+    assert "2" in output