netconan icon indicating copy to clipboard operation
netconan copied to clipboard
verified publisher icon intentionet

Whitespace is unnecessarily and erroneously changed when using `--anonymize-passwords` and/or `--sensitive-words`

Open cdtomkins opened this issue 5 months ago • 3 comments

Issue

Whitespace is unnecessarily and erroneously changed when using --anonymize-passwords and/or --sensitive-words.

Environment:

not-my-username @ not-my-hostname /tmp
└─528─▶ python --version
Python 3.13.2
not-my-username @ not-my-hostname /tmp
└─529─▶ netconan --version
0.14.0

Source file:

not-my-username @ not-my-hostname /tmp
└─523─▶ cat input_config_not_real.txt
Building Configuration...

version 8.9
hostname "MYHOST"
clock timezone America/Los_Angeles -07 0
banner motd ~
"*******************************************************"
"*   This system is property of ACMECORP and may       *"
"*   only be accessed by authorized users.             *"
"*******************************************************"
!
service "example-service"
    disallow-vlan  type servers service ""
    disallow-role "" type servers service ""
!
interface vlan 100
ip address 10.3.100.1 255.255.255.240
!
interface vlan 101
ip address 10.3.101.1 255.255.255.240

anonymize-ips works fine - changes only IPs:

not-my-username @ not-my-hostname /tmp
└─526─▶ netconan -i input_config_not_real.txt -o output.txt --anonymize-ips
WARNING No salt was provided; using randomly generated "5SGAzBzJirlNzW5J"
not-my-username @ not-my-hostname /tmp
└─527─▶ diff input_config_not_real.txt output.txt
17c17
< ip address 10.3.100.1 255.255.255.240
---
> ip address 10.88.161.1 255.255.255.240
20c20
< ip address 10.3.101.1 255.255.255.240
---
> ip address 10.88.160.1 255.255.255.240

anonymize-passwords erroneously changes whitespace:

not-my-username @ not-my-hostname /tmp
└─524─▶ netconan -i input_config_not_real.txt -o output.txt --anonymize-passwords
WARNING No salt was provided; using randomly generated "5T1Ln93uyXo7DXDg"
not-my-username @ not-my-hostname /tmp
└─525─▶ diff input_config_not_real.txt output.txt
8,9c8,9
< "*   This system is property of ACMECORP and may       *"
< "*   only be accessed by authorized users.             *"
---
> "* This system is property of ACMECORP and may *"
> "* only be accessed by authorized users. *"
13c13
<     disallow-vlan  type servers service ""
---
>     disallow-vlan type servers service ""

cdtomkins avatar Sep 24 '25 08:09 cdtomkins

Feel free to assign this to me.

cdtomkins avatar Sep 24 '25 08:09 cdtomkins

Thanks, assigned to you :)

ratulm avatar Sep 24 '25 15:09 ratulm

@cdtomkins - let us know on Batfish Slack if you want to chat about the fix

dhalperi avatar Sep 30 '25 00:09 dhalperi