> FC'OP E""rr cheZdZdZededefdZededdfdZdededzfdZdS)SanitizationStrategyaBase class for key/collection sanitization strategies. Sanitization strategies convert user-provided keys and collection names into formats that are compatible with backend store requirements. This includes: - Replacing invalid characters - Truncating to maximum length - Adding hash fragments for uniqueness - Prefixing to prevent collisions with user keys valuereturncdS)zSanitize a key or collection name for storage. Args: value: The user-provided key or collection name. Returns: The sanitized value suitable for storage. Nrselfrs rsanitizezSanitizationStrategy.sanitize,rNcdS)zValidate that a user-provided value doesn't use reserved patterns. Args: value: The user-provided key or collection name. Raises: InvalidKeyError: If the value uses reserved prefixes or patterns. Nrrs rvalidatezSanitizationStrategy.validate7rrcdS)adAttempt to reverse sanitization (for debugging/enumeration). This is optional and may not be possible for all strategies (e.g., hashing is irreversible). The default implementation returns None. Args: value: The sanitized value. Returns: The original value if recoverable, None otherwise. Nrrs rtry_unsanitizez#SanitizationStrategy.try_unsanitizeBs tr) r rrrrstrrr!r#rrrrr!s c c   ^  c d   ^  C C$J      rrcHeZdZdZdedefdZdeddfdZdededzfdZdS)PassthroughStrategyzPass-through strategy that performs no sanitization. Use this for stores that have no character or length restrictions (e.g., Redis, DynamoDB, MongoDB when using document fields for keys). rrc|S)zReturn the value unchanged.rrs rrzPassthroughStrategy.sanitizeX rNcdS)z/No validation needed for pass-through strategy.Nrrs rr!zPassthroughStrategy.validate\rrc|Sz:Return the value unchanged since no sanitization occurred.rrs rr#z"PassthroughStrategy.try_unsanitize_r(r)r rrrr$rr!r#rrrr&r&Qs cc>c>d>>>>CC$Jrr&@cZeZdZdZd deddfdZdedefdZdeddfd Zdededzfd Z dS) AlwaysHashStrategyz!Strategy that always hashes keys.r- hash_lengthrNc|tks |tkr$dtdtd|}t|||_dS)zInitialize the always hash strategy. Args: hash_length: The length of the hash to generate. Must be greater than 8 and less than 64. z!hash_length must be greater than z and less than z: N)MINIMUM_HASH_LENGTHMAXIMUM_HASH_LENGTH ValueErrorr0)rr0msgs r__init__zAlwaysHashStrategy.__init__ksU - - -?R1R1R~6I~~Zm~~q|~~CS// ! +rrctj|d|jS)zHash the value.N)hashlibsha256encode hexdigestr0rs rrzAlwaysHashStrategy.sanitizews4~ellnn--7799:LDr6r$rr!rrrr@r@s%%3%%%%%cc$ 'c 'd ' ' ' ' ' 'rr@c neZdZdZdddejdfdededzded ed ed df d Zd ed efdZ d ed dfdZ dS)HybridSanitizationStrategya.Strategy that replaces invalid characters and adds hash fragments. This strategy is used by stores with character restrictions (e.g., Elasticsearch, Keyring, Windows Registry). Invalid characters are replaced with a safe character, and a hash fragment is added for uniqueness. The result is prefixed with 'S_' to prevent collisions with user-provided keys. Args: max_length: Maximum length after sanitization. Defaults to 240. allowed_characters: List of allowed characters. Defaults to alphanumeric + dash + underscore. replacement_character: Character to use for invalid characters. Defaults to underscore. hash_fragment_mode: When to add hash fragments. Defaults to ONLY_IF_CHANGED. hash_fragment_length: Length of hash fragment. Defaults to 8. rAN_r,rBallowed_charactersreplacement_characterhash_fragment_modehash_fragment_lengthrcL||_||_||_||_||_dS)aInitialize the character sanitization strategy. Args: max_length: Maximum length after sanitization. allowed_characters: String of allowed characters. Defaults to None (all characters allowed). replacement_character: Character to use for invalid characters. hash_fragment_mode: When to add hash fragments. hash_fragment_length: Length of hash fragment. N)rBrTrUrVrW)rrBrTrUrVrWs rr6z#HybridSanitizationStrategy.__init__s1"%.@%:""4$8!!!rrcz|}|jrt||j|j}||k}|jtjkp|jtjko|}|r~tj|  d|j }d|j z}|j |z }t||kr |d|}d|d|St||j k}|r|d|j }d}|r6d|} t| |j kr|d|j dz }d|} | S|S)a Replace invalid characters and add hash fragment if needed. The sanitization process: 1. Replace invalid characters with replacement_character 2. If changed (and mode is ONLY_IF_CHANGED), add hash fragment 3. Truncate to max_length (accounting for prefix and hash fragment) 4. Prefix with 'S_' if sanitization occurred Args: value: The key or collection name to sanitize. Returns: The sanitized value with 'S_' prefix if modified. )rrT replace_withNrK-TrF)rTrrUrVr rrr8r9r:r;rWrBrG) rr sanitizedchangedadd_hash hash_fragmentoverheadmax_value_lengthneeds_truncationprefixeds rrz#HybridSanitizationStrategy.sanitizes  " 50GVZVpI u$*.>.EE  #'7'G G SG   4#N5<<>>::DDFFGbIbGbcMt88H $9 9~~ 000%&7'7&78 4 33M33 3y>>DO;  !"3DO"34IG  'I''H8}}t..%&;!(;&;< + ++OrcX|drd|}t|dS)zValidate that the value doesn't start with reserved prefixes. Args: value: The user-provided key or collection name. Raises: InvalidKeyError: If the value starts with 'H_' or 'S_'. rJrLNrMrOs rr!z#HybridSanitizationStrategy.validaterPr) r rrrr rr>r$r6rr!rrrrRrRs  ")-%(/?/O$% 999 $J9 # 9 - 9 " 9 9999.;c;c;;;;z 'c 'd ' ' ' ' ' 'rrR)rr8abcrrenumr!key_value.shared.errors.key_valuerkey_value.shared.utils.sanitizerr rr&r2r3r/r@rRrrrrjs  ########======IIIIII # # # # #t # # #-----3---`.&-60'0'0'0'0'30'0'0'fo'o'o'o'o'!5o'o'o'o'o'r