[cleaner] Remove binary files by default

Binary files generally speaking cannot be obfuscated, and as such we
should remove them from archives being obfuscated by default so that
sensitive data is not mistakenly included in an obfuscated archive.

This commits adds a new `--keep-binary-files` option that if used will
keep any encountered binary files in the final archive. The default
option of `false` will ensure that encountered binary files are removed.

The number of removed binary files per archive is reported when
obfuscation is completed for that archive.

Closes: #2478
Resolves: #2524

Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>

3 files changed, 62 insertions, 1 deletions

diff --git a/tests/report_tests/report_with_mask.py b/tests/report_tests/report_with_mask.py
index a62888ae..4f94ba33 100644
--- a/tests/report_tests/report_with_mask.py
+++ b/tests/report_tests/report_with_mask.py
@@ -6,7 +6,7 @@
 #
 # See the LICENSE file in the source distribution for further information.
 
-from sos_tests import StageOneReportTest
+from sos_tests import StageOneReportTest, StageTwoReportTest
 
 import re
 
@@ -67,3 +67,43 @@ class ReportWithCleanedKeywords(StageOneReportTest):
 
     def test_keyword_obfuscated_in_file(self):
         self.assertFileNotHasContent('sos_commands/kernel/uname_-a', 'Linux')
+
+
+class DefaultRemoveBinaryFilesTest(StageTwoReportTest):
+    """Testing that binary files are removed by default
+
+    :avocado: tags=stagetwo
+    """
+
+    files = ['/var/log/binary_test.tar.xz']
+    install_plugins = ['binary_test']
+    sos_cmd = '--clean -o binary_test,kernel,host'
+
+    def test_binary_removed(self):
+        self.assertFileNotCollected('var/log/binary_test.tar.xz')
+
+    def test_binaries_removed_reported(self):
+        self.assertOutputContains('\[removed .* unprocessable files\]')
+
+
+class KeepBinaryFilesTest(StageTwoReportTest):
+    """Testing that --keep-binary-files will function as expected
+
+    :avocado: tags=stagetwo
+    """
+
+    files = ['/var/log/binary_test.tar.xz']
+    install_plugins = ['binary_test']
+    sos_cmd = '--clean --keep-binary-files -o binary_test,kernel,host'
+
+    def test_warning_message_shown(self):
+        self.assertOutputContains(
+            'WARNING: binary files that potentially contain sensitive information '
+            'will NOT be removed from the final archive'
+        )
+
+    def test_binary_is_in_archive(self):
+        self.assertFileCollected('var/log/binary_test.tar.xz')
+
+    def test_no_binaries_reported_removed(self):
+        self.assertOutputNotContains('\[removed .* unprocessable files\]')
diff --git a/tests/test_data/fake_plugins/binary_test.py b/tests/test_data/fake_plugins/binary_test.py
new file mode 100644
index 00000000..80bc841b
--- /dev/null
+++ b/tests/test_data/fake_plugins/binary_test.py
@@ -0,0 +1,21 @@
+# This file is part of the sos project: https://github.com/sosreport/sos
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions of
+# version 2 of the GNU General Public License.
+#
+# See the LICENSE file in the source distribution for further information.
+
+from sos.report.plugins import Plugin, IndependentPlugin
+
+
+class BinaryPlugin(Plugin, IndependentPlugin):
+    """Test plugin for testing binary removal with --clean
+    """
+
+    plugin_name = 'binary_test'
+    short_desc = 'test plugin for removing binaries with --clean'
+
+
+    def setup(self):
+        self.add_copy_spec('/var/log/binary_test.tar.xz')
diff --git a/tests/test_data/var/log/binary_test.tar.xz b/tests/test_data/var/log/binary_test.tar.xz
new file mode 100644
index 00000000..6031c869
--- /dev/null
+++ b/tests/test_data/var/log/binary_test.tar.xz