Update sensitive item replacement to use re instead of regex. This makes Netconan no longer depend on regex.
Regular expression sub() substitutes provided replacement for the entire matching text, including "ignored" groups but not lookbehinds. We previously leveraged this plus the fact that regex supports simple, variable length lookbehinds (\K, which is not supported in re lib) to match on but not replace preceding context.
In this PR, instead of using lookbehind to remove text from the resulting match, now a named prefix group is used to capture any text preceding the password which is included in the replacement text.
Regarding password regexes, what would have been the following before:
(password )\K(\S+) (require preceding text password but do not include anything before the \K in the match text)
Would now become:
(?P<prefix>password )(\S+) (match password followed by the actual password value, including both in the match text)
Update sensitive item replacement to use
reinstead ofregex. This makesNetconanno longer depend onregex.Regular expression
sub()substitutes provided replacement for the entire matching text, including "ignored" groups but not lookbehinds. We previously leveraged this plus the fact thatregexsupports simple, variable length lookbehinds (\K, which is not supported inrelib) to match on but not replace preceding context.In this PR, instead of using lookbehind to remove text from the resulting match, now a named
prefixgroup is used to capture any text preceding the password which is included in the replacement text.Regarding password regexes, what would have been the following before:
(password )\K(\S+)(require preceding textpasswordbut do not include anything before the\Kin the match text) Would now become:(?P<prefix>password )(\S+)(matchpasswordfollowed by the actual password value, including both in the match text)This change is