Sanitizer Module

class credproxy.sanitizer.SensitiveValueSanitizer[source]

Bases: object

Thread-safe sanitizer that tracks actual sensitive values for redaction.

This class maintains a registry of sensitive values (tokens, keys, etc.) and sanitizes them wherever they appear in logs or data structures.

__init__()[source]
register_sensitive_value(value: str) None[source]

Register a sensitive value for sanitization.

Parameters:

value – The sensitive value to track and sanitize

register_sensitive_dict(data: dict) None[source]

Register all sensitive values from a dictionary.

Automatically detects and registers values from keys that look sensitive.

Parameters:

data – Dictionary containing potential sensitive data

sanitize_string(text: str) str[source]

Sanitize a string by replacing all registered sensitive values.

Parameters:

text – The text to sanitize

Returns:

Sanitized text with sensitive values redacted

unregister_sensitive_value(value: str) None[source]

Unregister a sensitive value.

Parameters:

value – The sensitive value to remove from tracking

clear() None[source]

Clear all registered sensitive values.

credproxy.sanitizer.register_sensitive_value(value: str) None[source]

Register a sensitive value for sanitization globally.

Parameters:

value – The sensitive value to track and sanitize

credproxy.sanitizer.register_sensitive_dict(data: dict) None[source]

Register all sensitive values from a dictionary globally.

Parameters:

data – Dictionary containing potential sensitive data

credproxy.sanitizer.unregister_sensitive_value(value: str) None[source]

Unregister a sensitive value globally.

Parameters:

value – The sensitive value to remove from tracking

credproxy.sanitizer.sanitize_string(text: str) str[source]

Sanitize a string by replacing registered sensitive values.

This is the main public API for sanitizing strings in logs.

Parameters:

text – The text to sanitize

Returns:

Sanitized text with sensitive values redacted

credproxy.sanitizer.sanitize_for_logging(data: Any) Any[source]

Recursively sanitize sensitive data in dictionaries, lists, and other structures.

This is primarily for legacy compatibility. The recommended approach is to register sensitive values and let the logging formatter handle sanitization.

Parameters:

data – Any data structure (dict, list, string, etc.)

Returns:

Sanitized version of the data with sensitive values masked

credproxy.sanitizer.sanitize_exception_message(message: str) str[source]

Sanitize exception messages that might contain sensitive data.

First checks against registered sensitive values, then falls back to pattern-based detection.

Parameters:

message – Exception message string

Returns:

Sanitized message with sensitive values masked