From 329bd36929efe96ded9f4935fbde1da2ce3a4dba Mon Sep 17 00:00:00 2001 From: Adriaan de Groot Date: Mon, 15 Apr 2019 10:44:13 -0400 Subject: [PATCH] [libcalamares] Sanitize logging --- .../utils/CalamaresUtilsSystem.cpp | 39 ++++++++++++++++++- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/src/libcalamares/utils/CalamaresUtilsSystem.cpp b/src/libcalamares/utils/CalamaresUtilsSystem.cpp index e8819aa31..1b603a7e7 100644 --- a/src/libcalamares/utils/CalamaresUtilsSystem.cpp +++ b/src/libcalamares/utils/CalamaresUtilsSystem.cpp @@ -38,6 +38,41 @@ #include #endif +/** @brief When logging commands, don't log everything. + * + * The command-line arguments to some commands may contain the + * encrypted password set by the user. Don't log that password, + * since the log may get posted to bug reports, or stored in + * the target system. + */ +struct RedactedList +{ + RedactedList( const QStringList& l ) + : list(l) + { + } + + const QStringList& list; +} ; + +QDebug& +operator<<( QDebug& s, const RedactedList& l ) +{ + // Special case logging: don't log the (encrypted) password. + if ( l.list.contains( "usermod" ) ) + { + for ( const auto& item : l.list ) + if ( item.startsWith( "$6$" ) ) + s << ""; + else + s << item; + } + else + s << l.list; + + return s; +} + namespace CalamaresUtils { @@ -158,7 +193,7 @@ System::runCommand( return -3; } - cDebug() << "Running" << program << arguments; + cDebug() << "Running" << program << RedactedList( arguments ); process.start(); if ( !process.waitForStarted() ) { @@ -191,7 +226,7 @@ System::runCommand( cDebug() << "Finished. Exit code:" << r; if ( ( r != 0 ) || Calamares::Settings::instance()->debugMode() ) { - cDebug() << "Target cmd:" << args; + cDebug() << "Target cmd:" << RedactedList( args ); cDebug().noquote().nospace() << "Target output:\n" << output; } return ProcessResult(r, output);