The HazDat Python library provides a class Shielding that protects sensitive data from inadvertent misuse. Things like passwords or social security numbers should be forgotten soon after use, and HazDat enforces it. If you would take precautions with HAZMAT, Why Not HazDat?™
hazdat.Shielding prevents accessing the hazdat attribute more than once:
>>> from hazdat import Shielding
>>> password = Shielding('1234')
>>> salted = password.hazdat + 'look, i salted it'
>>> password.hazdat
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "hazdat/hazdat/shielding.py", line 77, in __getattribute__
    return super().__getattribute__(name)
  File "hazdat/hazdat/shielding.py", line 91, in hazdat
    raise AttributeError(msg) from None
AttributeError: hazdat
Also, to avoid unintentionally printing or logging the data, use shielded.hazdat.str_once instead of str(shielded.hazdat).
>>> print(Shielding('1234').hazdat)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "hazdat/hazdat/shielding.py", line 39, in __str__
    raise AttributeError(msg.format(type(self).__name__))
AttributeError: Can't access StrGuarded __str__
>>> ssn = Shielding('1234')
>>> hazard = ssn.hazdat
>>> hazard.str_once
'1234'
>>> hazard.str_once
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'str' object has no attribute 'str_once'
- HazDat doesn't prevent all access to hazardous data; it just tries to prevent unintentional access. You can still assign the hazardous data to a variable and use it with impunity... just don't, please.
- Don't expect HazDat to censor sensitive data in SQLAlchemy tracebacks. That may be a feature in the future, but for now it doesn't seem feasible.
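
The read-once pattern and its limit, as a minimal sketch added here for illustration; it is not HazDat's code, and the names ReadOnce, Guarded, value and reveal_once are hypothetical. It shows which implicit conversions the guard has to refuse and that a value derived from the secret is an ordinary, unguarded str.

```python
class Guarded(str):
    """str subclass that refuses implicit conversion to text (illustrative)."""

    def _refuse(self, *args):
        raise AttributeError(f"Can't stringify {type(self).__name__}")

    # print(), "%s" % x, repr() and format specs all route through these.
    __str__ = __repr__ = __format__ = _refuse

    def reveal_once(self):
        """Return the plain str a single time, then refuse."""
        if getattr(self, "_spent", False):
            raise AttributeError("reveal_once")
        self._spent = True
        return str.__str__(self)  # exact str copy, no longer guarded


class ReadOnce:
    """Hands its payload out on the first .value access only (illustrative)."""

    def __init__(self, secret):
        self._payload = Guarded(secret)

    @property
    def value(self):
        payload, self._payload = self._payload, None
        if payload is None:
            raise AttributeError("value")
        return payload


def outcome(action):
    """Run action(); report 'blocked' if the guard raised, else the result."""
    try:
        return action()
    except AttributeError:
        return "blocked"


def demo():
    secret = ReadOnce("1234")   # constructed sample value
    guarded = secret.value      # first access succeeds
    return {
        "second_access": outcome(lambda: secret.value),
        "percent_s": outcome(lambda: "%s" % guarded),
        "format_spec": outcome(lambda: f"{guarded:>6}"),
        "first_reveal": outcome(guarded.reveal_once),
        "second_reveal": outcome(guarded.reveal_once),
        # The limit from the notes above: derived values are plain str.
        "derived": outcome(lambda: type(guarded + "salt").__name__),
    }
```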
pip install -e .[dev] tox
To run without coverage:
tox -e nocover