Reduce commenting as basic.py is copied to the remote host with every module transfer.

Move some comments to the unittest as we might look at that if we decide to refactor the code.
2025-04-29 05:41:25 -07:00 · 2014-09-05 07:39:17 -07:00 · 2014-09-05 07:39:17 -07:00 · 8233522a7a
commit 8233522a7a
parent d293a46994
2 changed files with 45 additions and 50 deletions
--- a/test/units/TestModuleUtilsBasic.py
+++ b/test/units/TestModuleUtilsBasic.py
@ -247,11 +247,21 @@ class TestModuleUtilsBasicHelpers(unittest.TestCase):
    #################################################################################

    #
-    # Several speed tests -- previously, the obfuscation of passwords carried
-    # an unreasonable speed penalty for some module parameters.  We want to be
-    # sure we don't regress to that state.
+    # Speed tests
    #

+    # Previously, we used regexes which had some pathologically slow cases for
+    # parameters with large amounts of data with many ':' but no '@'.  The
+    # present function gets slower when there are many replacements so we may
+    # want to explore regexes in the future (for the speed when substituting
+    # or flexibility).  These speed tests will hopefully tell us if we're
+    # introducing code that has cases that are simply too slow.
+    #
+    # Some regex notes:
+    # * re.sub() is faster than re.match() + str.join().
+    # * We may be able to detect a large number of '@' symbols and then use
+    #   a regex else use the present function.
+
    @timed(5)
    def test_log_sanitize_speed_many_url(self):
        self.module._heuristic_log_sanitize(self.many_url)
@ -297,10 +307,15 @@ class TestModuleUtilsBasicHelpers(unittest.TestCase):
        # the same:
        self.assertEqual(len(url_output), len(url_data))

-        # ssh checking is somewhat harder as the heuristic is overzealous in
-        # most cases.  Since the input will have at least one ":" present
-        # before the password we can tell some things about the beginning and
-        # end of the data, though:
+        # ssh checking is harder as the heuristic is overzealous in many
+        # cases.  Since the input will have at least one ":" present before
+        # the password we can tell some things about the beginning and end of
+        # the data, though:
        self.assertTrue(ssh_output.startswith("{'"))
        self.assertTrue(ssh_output.endswith("'}}}}"))
        self.assertIn(":********@foo.com/data',", ssh_output)
+
+        # The overzealous-ness here may lead to us changing the algorithm in
+        # the future.  We could make it consume less of the data (with the
+        # possiblity of leaving partial passwords exposed) and encourage
+        # people to use no_log instead of relying on this obfuscation.