From 27c26da07a184695c348a2b056fb26c70cb08b74 Mon Sep 17 00:00:00 2001
From: mabulgu
Date: Sat, 26 Aug 2023 01:44:10 +0300
Subject: [PATCH 1/3] fix username anonymization by ignoring jinja
---
 ansible_anonymizer/anonymizer.py | 7 ++++---
 tests/test_anonymizer.py | 28 ++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/ansible_anonymizer/anonymizer.py b/ansible_anonymizer/anonymizer.py
index 30619b2..1eeec8b 100644
--- a/ansible_anonymizer/anonymizer.py
+++ b/ansible_anonymizer/anonymizer.py
@@ -298,12 +298,13 @@ def hide_user_name(block: str) -> str:
 }
 
 def _rewrite(m: re.Match[str]) -> str:
- user = m.group("user_name") if m.group("user_name") in known_users else "ano-user"
+ user = m.group("user_name") if (m.group("user_name") in known_users
+ or is_jinja2_expression(m.group("user_name"))) else "ano-user"
 return m.group("before") + user
 
 user_regexes = [
- r"(?P[c-z]:\\users\\)(?P\w{,255})",
- r"(?P/(home|Users)/)(?P[a-z0-9_-]{,255})",
+ r"(?P[c-z]:\\users\\)(?P([a-z0-9_-]|{{\s*.*?\s*}})\w{,255})",
+ r"(?P/(home|Users)/)(?P([a-z0-9_-]|{{\s*.*?\s*}})[a-z0-9_-]{,255})",
 ]
 for regex in user_regexes:
 block = re.sub(regex, _rewrite, block, flags=flags)
diff --git a/tests/test_anonymizer.py b/tests/test_anonymizer.py
index 9a4255e..0917306 100644
--- a/tests/test_anonymizer.py
+++ b/tests/test_anonymizer.py
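Review bot: In `_rewrite` (ansible_anonymizer/anonymizer.py, patch 1/3) the whole matched name is returned unchanged as soon as `is_jinja2_expression(m.group("user_name"))` is true, while the new `user_name` group accepts a `{{ … }}` expression followed by ordinary name characters, so a value like `/home/{{ prefix }}jdoe` (constructed example) could leave the literal `jdoe` un-anonymized. Whether that happens depends on `is_jinja2_expression`, which is defined outside this hunk; if it only detects the presence of an expression, the condition should require that the entire group is one expression, for example, with `name = m.group("user_name")`, `name.startswith("{{") and name.endswith("}}") and name.count("{{") == 1`. A comment above the condition would also record the intended trade-off: `# Jinja2 expressions are kept verbatim, including string literals inside them such as default('azureuser')`. The same condition is carried unchanged through the reformatting in patch 2/3, and `hide_user_name` itself starts and ends outside the hunk.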
@@ -398,6 +398,34 @@ def test_anonymize_text_block_user_name():
 assert hide_user_name(dedent(source)) == dedent(expectation)
 
 
+def test_anonymize_text_block_username_for_linux_path():
+ assert (
+ anonymize_text_block("path: /home/kaisersoze/.ssh/authorized_keys")
+ == "path: /home/ano-user/.ssh/authorized_keys"
+ )
+
+
+def test_anonymize_text_block_username_for_windows_path():
+ assert (
+ anonymize_text_block("path: C:\\users\\kaisersoze\\test")
+ == "path: C:\\users\\ano-user\\test"
+ )
+
+
+def test_anonymize_text_block_username_as_jinja_template_for_linux_path():
+ assert (
+ anonymize_text_block("path: /home/{{ admin_username | default('azureuser') }}/.ssh/authorized_keys")
+ == "path: /home/{{ admin_username | default('azureuser') }}/.ssh/authorized_keys"
+ )
+
+
+def test_anonymize_text_block_username_as_jinja_template_for_windows_path():
+ assert (
+ anonymize_text_block("path: c:\\users\\{{ admin_username | default('azureuser') }}\\test")
+ == "path: c:\\users\\{{ admin_username | default('azureuser') }}\\test"
+ )
+
+
 def test_anonymize_field():
 field = "my_field"
 value = " a "
From 33f72013657611fd1cbf0ee7bf84c2e64cf46fbb Mon Sep 17 00:00:00 2001
From: mabulgu
Date: Sat, 26 Aug 2023 02:03:15 +0300
Subject: [PATCH 2/3] fix formatting
---
 ansible_anonymizer/anonymizer.py | 7 +++++--
 tests/test_anonymizer.py | 4 +++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/ansible_anonymizer/anonymizer.py b/ansible_anonymizer/anonymizer.py
index 1eeec8b..78bb989 100644
--- a/ansible_anonymizer/anonymizer.py
+++ b/ansible_anonymizer/anonymizer.py
@@ -298,8 +298,11 @@ def hide_user_name(block: str) -> str:
 }
 
 def _rewrite(m: re.Match[str]) -> str:
- user = m.group("user_name") if (m.group("user_name") in known_users
- or is_jinja2_expression(m.group("user_name"))) else "ano-user"
+ user = (
+ m.group("user_name")
+ if (m.group("user_name") in known_users or is_jinja2_expression(m.group("user_name")))
+ else "ano-user"
+ )
 return m.group("before") + user
 
 user_regexes = [
diff --git a/tests/test_anonymizer.py b/tests/test_anonymizer.py
index 0917306..926d09f 100644
--- a/tests/test_anonymizer.py
+++ b/tests/test_anonymizer.py
@@ -414,7 +414,9 @@ def test_anonymize_text_block_username_for_windows_path():
 
 def test_anonymize_text_block_username_as_jinja_template_for_linux_path():
 assert (
- anonymize_text_block("path: /home/{{ admin_username | default('azureuser') }}/.ssh/authorized_keys")
+ anonymize_text_block(
+ "path: /home/{{ admin_username | default('azureuser') }}/.ssh/authorized_keys"
+ )
 == "path: /home/{{ admin_username | default('azureuser') }}/.ssh/authorized_keys"
 )
 
From 49c8086442df34d99a1572c1d293f92243eea677 Mon Sep 17 00:00:00 2001
From: mabulgu
Date: Mon, 28 Aug 2023 21:49:53 +0300
Subject: [PATCH 3/3] improve regex: remove redundant parts
---
 ansible_anonymizer/anonymizer.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ansible_anonymizer/anonymizer.py b/ansible_anonymizer/anonymizer.py
index 78bb989..e742702 100644
--- a/ansible_anonymizer/anonymizer.py
+++ b/ansible_anonymizer/anonymizer.py
@@ -306,8 +306,8 @@ def _rewrite(m: re.Match[str]) -> str:
 return m.group("before") + user
 
 user_regexes = [
- r"(?P[c-z]:\\users\\)(?P([a-z0-9_-]|{{\s*.*?\s*}})\w{,255})",
- r"(?P/(home|Users)/)(?P([a-z0-9_-]|{{\s*.*?\s*}})[a-z0-9_-]{,255})",
+ r"(?P[c-z]:\\users\\)(?P(\w|{{\s*.*?\s*}}){,255})",
+ r"(?P/(home|Users)/)(?P([a-z0-9_-]|{{\s*.*?\s*}}){,255})",
 ]
 for regex in user_regexes:
 block = re.sub(regex, _rewrite, block, flags=flags)
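Review bot: In both new patterns of patch 3/3 the `{,255}` quantifier now repeats the whole group `(\w|{{\s*.*?\s*}})`, so it caps the number of characters-or-expressions rather than the length of the matched name, and a single `{{ … }}` can be arbitrarily long. Inside the expression branch `\s*`, `.*?` and `\s*` can all consume the same whitespace, which gives the regex engine many equivalent ways to split a long run of spaces after an unclosed `{{` before it gives up; on untrusted playbook text that is avoidable backtracking cost. A tighter branch such as `{{[^{}\n]*}}` matches the expressions covered by the new tests in linear time and cannot run across a `}}`, at the price of not accepting nested braces. The enclosing `hide_user_name` continues outside the hunk, including the `flags` value that decides case handling.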