[cleaner] Remove binary files by default

Binary files generally speaking cannot be obfuscated, and as such we
should remove them from archives being obfuscated by default so that
sensitive data is not mistakenly included in an obfuscated archive.

This commits adds a new `--keep-binary-files` option that if used will
keep any encountered binary files in the final archive. The default
option of `false` will ensure that encountered binary files are removed.

The number of removed binary files per archive is reported when
obfuscation is completed for that archive.

Closes: #2478
Resolves: #2524

Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/man/en/sos-clean.1 b/man/en/sos-clean.1
index 4856b43b..b77bc63c 100644
--- a/man/en/sos-clean.1
+++ b/man/en/sos-clean.1
@@ -9,6 +9,7 @@ sos clean - Obfuscate sensitive data from one or more sosreports
     [\-\-map-file]
     [\-\-jobs]
     [\-\-no-update]
+    [\-\-keep-binary-files]
 
 .SH DESCRIPTION
 \fBsos clean\fR or \fBsos mask\fR is an sos subcommand used to obfuscate sensitive information from
@@ -77,6 +78,17 @@ Default: 4
 .TP
 .B \-\-no-update
 Do not write the mapping file contents to /etc/sos/cleaner/default_mapping
+.TP
+.B \-\-keep-binary-files
+Keep unprocessable binary files in the archive, rather than removing them.
+
+Note that binary files cannot be obfuscated, and thus keeping them in the archive
+may result in otherwise sensitive information being included in the final archive.
+Users should review any archive that keeps binary files in place before sending to
+a third party.
+
+Default: False (remove encountered binary files)
+
 .SH SEE ALSO
 .BR sos (1)
 .BR sos-report (1)