1 files changed, 24 insertions, 41 deletions

diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
index 66916dd7..d3d42e79 100644
--- a/sos/plugins/__init__.py
+++ b/sos/plugins/__init__.py
@@ -92,6 +92,10 @@ def _file_is_compressed(path):
     return path.endswith(('.gz', '.xz', '.bz', '.bz2'))
 
 
+_certmatch = re.compile("-*BEGIN.*?-*END", re.DOTALL)
+_cert_replace = "-----SCRUBBED"
+
+
 class SoSPredicate(object):
     """A class to implement collection predicates.
 
@@ -467,7 +471,7 @@ class Plugin(object):
 
         self._log_warn(msg % (cmd, needs))
 
-    def do_cmd_private_sub(self, cmd):
+    def do_cmd_private_sub(self, cmd, desc=""):
         '''Remove certificate and key output archived by sosreport. cmd
         is the command name from which output is collected (i.e. exlcuding
         parameters). Any matching instances are replaced with: '-----SCRUBBED'
@@ -475,35 +479,16 @@ class Plugin(object):
 
         This function returns the number of replacements made.
         '''
+        if not self.executed_commands:
+            return 0
+
         globstr = '*' + cmd + '*'
         self._log_debug("Scrubbing certs and keys for commands matching %s"
                         % (cmd))
 
-        if not self.executed_commands:
-            return 0
+        replace = "%s %s" % (_cert_replace, desc) if desc else _cert_replace
 
-        replacements = None
-        try:
-            for called in self.executed_commands:
-                if called['file'] is None:
-                    continue
-                if called['binary'] == 'yes':
-                    self._log_warn("Cannot apply regex substitution to binary"
-                                   " output: '%s'" % called['exe'])
-                    continue
-                if fnmatch.fnmatch(called['exe'], globstr):
-                    path = os.path.join(self.commons['cmddir'], called['file'])
-                    readable = self.archive.open_file(path)
-                    certmatch = re.compile("-----BEGIN.*?-----END", re.DOTALL)
-                    result, replacements = certmatch.subn(
-                        "-----SCRUBBED", readable.read())
-                    if replacements:
-                        self.archive.add_string(result, path)
-        except Exception as e:
-            msg = "Certificate/key scrubbing failed for '%s' with: '%s'"
-            self._log_error(msg % (called['exe'], e))
-            replacements = None
-        return replacements
+        return self.do_cmd_output_sub(cmd, _certmatch, replace)
 
     def do_cmd_output_sub(self, cmd, regexp, subst):
         '''Apply a regexp substitution to command output archived by sosreport.
@@ -517,8 +502,9 @@ class Plugin(object):
         This function returns the number of replacements made.
         '''
         globstr = '*' + cmd + '*'
+        pattern = regexp.pattern if hasattr(regexp, "pattern") else regexp
         self._log_debug("substituting '%s' for '%s' in commands matching '%s'"
-                        % (subst, regexp, globstr))
+                        % (subst, pattern, globstr))
 
         if not self.executed_commands:
             return 0
@@ -548,34 +534,30 @@ class Plugin(object):
             replacements = None
         return replacements
 
-    def do_file_private_sub(self, pathregex):
+    def do_file_private_sub(self, pathregex, desc=""):
         '''Scrub certificate/key/etc information from files collected by sos.
 
         Files matching the provided pathregex are searched for content that
         resembles certificate, ssh keys, or similar information. Any matches
-        are replaced with "-----SCRUBBED $thing" where $thing is the specific
-        type of content being replaced, e.g. "-----SCRUBBED RSA PRIVATE KEY" so
-        that support representatives can at least be informed of what type of
-        content it was originally.
+        are replaced with "-----SCRUBBED $desc" where `desc` is a description
+        of the specific type of content being replaced, e.g.
+        "-----SCRUBBED RSA PRIVATE KEY" so that support representatives can
+        at least be informed of what type of content it was originally.
 
         Positional arguments:
             :param pathregex: A string or regex of a filename to match against
+            :param desc: A description of the replaced content
         '''
-        certmatch = re.compile("-*BEGIN.*?-*END", re.DOTALL)
+        self._log_debug("Scrubbing certs and keys for paths matching %s"
+                        % pathregex)
         match = re.compile(pathregex).match
+        replace = "%s %s" % (_cert_replace, desc) if desc else _cert_replace
         file_list = [f for f in self.copied_files if match(f['srcpath'])]
         for i in file_list:
             path = i['dstpath']
             if not path:
                 continue
-            self._log_debug("Scrubbing %s for certificate content" % path)
-            readable = self.archive.open_file(path)
-            content = readable.read()
-            if not isinstance(content, six.string_types):
-                content = content.decode('utf-8', 'ignore')
-            result, replacements = certmatch.subn('-----SCRUBBED', content)
-            if replacements:
-                self.archive.add_string(result, path)
+            self.do_file_sub(path, _certmatch, replace)
 
     def do_file_sub(self, srcpath, regexp, subst):
         '''Apply a regexp substitution to a file archived by sosreport.
@@ -587,9 +569,10 @@ class Plugin(object):
         '''
         try:
             path = self._get_dest_for_srcpath(srcpath)
+            pattern = regexp.pattern if hasattr(regexp, "pattern") else regexp
             self._log_debug("substituting scrpath '%s'" % srcpath)
             self._log_debug("substituting '%s' for '%s' in '%s'"
-                            % (subst, regexp, path))
+                            % (subst, pattern, path))
             if not path:
                 return 0
             readable = self.archive.open_file(path)