author | Pavel Moravec <pmoravec@redhat.com> | 2023-10-18 13:38:29 +0200 |
---|---|---|
committer | Jake Hunsaker <jacob.r.hunsaker@gmail.com> | 2023-10-18 07:39:41 -0700 |
commit | 5a285e67de2af9e9b41844fb9d519ac333f2ce12 (patch) | |
tree | b676c5add07c38b9edcb94de1af374935589505f | |
parent | fc8333e0d4b21840f111413b7b48591c91437de3 (diff) | |
[pulpcore] Scrub AUTH_LDAP_BIND_PASSWORD value
As in #3379, also scrub the password in the pulpcore plugin.
Resolves: #3389
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
-rw-r--r-- | sos/report/plugins/pulpcore.py | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/sos/report/plugins/pulpcore.py b/sos/report/plugins/pulpcore.py
index 04efae9f..649626ad 100644
--- a/sos/report/plugins/pulpcore.py
+++ b/sos/report/plugins/pulpcore.py
@@ -144,29 +144,18 @@ class PulpCore(Plugin, IndependentPlugin):
 return _dbcmd % (self.dbhost, self.dbport, self.dbname, quote(query))
 
 def postproc(self):
- # TODO obfuscate from /etc/pulp/settings.py :
+ # obfuscate from /etc/pulp/settings.py and "dynaconf list":
 # SECRET_KEY = "eKfeDkTnvss7p5WFqYdGPWxXfHnsbDBx"
 # 'PASSWORD': 'tGrag2DmtLqKLTWTQ6U68f6MAhbqZVQj',
+ # AUTH_LDAP_BIND_PASSWORD = 'ouch-a-secret'
 # the PASSWORD can be also in an one-liner list, so detect its value
 # in non-greedy manner till first ',' or '}'
- self.do_path_regex_sub(
- "/etc/pulp/settings.py",
- r"(SECRET_KEY\s*=\s*)(.*)",
- r"\1********")
- self.do_path_regex_sub(
- "/etc/pulp/settings.py",
- r"(PASSWORD\S*\s*:\s*)(.*?)(,|\})",
- r"\1********\3")
- # apply the same for "dynaconf list" output that prints settings.py
- # in a pythonic format
- self.do_cmd_output_sub(
- "dynaconf list",
- r"(SECRET_KEY<str>\s*)'(.*)'",
- r"\1********")
- self.do_cmd_output_sub(
- "dynaconf list",
- r"(PASSWORD\S*\s*:\s*)(.*)",
- r"\1********")
+ key_pass_re = r"((?:SECRET_KEY|AUTH_LDAP_BIND_PASSWORD)" \
+ r"(?:\<.+\>)?(\s*=)?|(password|PASSWORD)" \
+ r"(\"|'|:)+)\s*(\S*)"
+ repl = r"\1 ********"
+ self.do_path_regex_sub("/etc/pulp/settings.py", key_pass_re, repl)
+ self.do_cmd_output_sub("dynaconf list", key_pass_re, repl)
 
 
 # vim: set et ts=4 sw=4 : |
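Review bot: The value group at the end of `key_pass_re` is `\s*(\S*)`, so masking stops at the first whitespace character, whereas the removed patterns consumed to end of line (`(.*)`) or up to the next `,`/`}`. A secret that contains a space (for example a quoted LDAP bind password) would keep its tail in both the collected /etc/pulp/settings.py and the `dynaconf list` output, and an entry written as `'PASSWORD' : '...'` appears to have only the `:` replaced, because `(\"|'|:)+` stops at the closing quote of the key. I would match a quoted value as one unit, e.g. end the pattern with `r"(\"|'|:)+)\s*(\"[^\"]*\"|'[^']*'|\S*)"`, and also allow whitespace between the key's closing quote and the colon. A short comment above `key_pass_re` listing the line shapes it is meant to cover (settings.py assignment, dict entry, `KEY<str> 'value'` from dynaconf), plus a plugin test using those samples, would keep later edits from reopening the leak.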