GitHubのミラーです
https://github.com/FascodeNet/alterlinux-calamares
Revision | 329bd36929efe96ded9f4935fbde1da2ce3a4dba (tree) |
---|---|
Time | 2019-04-15 23:59:57 |
Author | Adriaan de Groot <groot@kde....> |
Commiter | Adriaan de Groot |
[libcalamares] Sanitize logging
@@ -38,6 +38,41 @@ | ||
38 | 38 | #include <sys/sysctl.h> |
39 | 39 | #endif |
40 | 40 | |
41 | +/** @brief When logging commands, don't log everything. | |
42 | + * | |
43 | + * The command-line arguments to some commands may contain the | |
44 | + * encrypted password set by the user. Don't log that password, | |
45 | + * since the log may get posted to bug reports, or stored in | |
46 | + * the target system. | |
47 | + */ | |
48 | +struct RedactedList | |
49 | +{ | |
50 | + RedactedList( const QStringList& l ) | |
51 | + : list(l) | |
52 | + { | |
53 | + } | |
54 | + | |
55 | + const QStringList& list; | |
56 | +} ; | |
57 | + | |
58 | +QDebug& | |
59 | +operator<<( QDebug& s, const RedactedList& l ) | |
60 | +{ | |
61 | + // Special case logging: don't log the (encrypted) password. | |
62 | + if ( l.list.contains( "usermod" ) ) | |
63 | + { | |
64 | + for ( const auto& item : l.list ) | |
65 | + if ( item.startsWith( "$6$" ) ) | |
66 | + s << "<password>"; | |
67 | + else | |
68 | + s << item; | |
69 | + } | |
70 | + else | |
71 | + s << l.list; | |
72 | + | |
73 | + return s; | |
74 | +} | |
75 | + | |
41 | 76 | namespace CalamaresUtils |
42 | 77 | { |
43 | 78 |
@@ -158,7 +193,7 @@ System::runCommand( | ||
158 | 193 | return -3; |
159 | 194 | } |
160 | 195 | |
161 | - cDebug() << "Running" << program << arguments; | |
196 | + cDebug() << "Running" << program << RedactedList( arguments ); | |
162 | 197 | process.start(); |
163 | 198 | if ( !process.waitForStarted() ) |
164 | 199 | { |
@@ -191,7 +226,7 @@ System::runCommand( | ||
191 | 226 | cDebug() << "Finished. Exit code:" << r; |
192 | 227 | if ( ( r != 0 ) || Calamares::Settings::instance()->debugMode() ) |
193 | 228 | { |
194 | - cDebug() << "Target cmd:" << args; | |
229 | + cDebug() << "Target cmd:" << RedactedList( args ); | |
195 | 230 | cDebug().noquote().nospace() << "Target output:\n" << output; |
196 | 231 | } |
197 | 232 | return ProcessResult(r, output); |