[libcalamares] Sanitize logging

This commit is contained in:
Adriaan de Groot 2019-04-15 10:44:13 -04:00
parent 93be1a6582
commit 329bd36929

View File

@ -38,6 +38,41 @@
#include <sys/sysctl.h>
#endif
/** @brief When logging commands, don't log everything.
*
* The command-line arguments to some commands may contain the
* encrypted password set by the user. Don't log that password,
* since the log may get posted to bug reports, or stored in
* the target system.
*/
struct RedactedList
{
RedactedList( const QStringList& l )
: list(l)
{
}
const QStringList& list;
} ;
QDebug&
operator<<( QDebug& s, const RedactedList& l )
{
// Special case logging: don't log the (encrypted) password.
if ( l.list.contains( "usermod" ) )
{
for ( const auto& item : l.list )
if ( item.startsWith( "$6$" ) )
s << "<password>";
else
s << item;
}
else
s << l.list;
return s;
}
namespace CalamaresUtils
{
@ -158,7 +193,7 @@ System::runCommand(
return -3;
}
cDebug() << "Running" << program << arguments;
cDebug() << "Running" << program << RedactedList( arguments );
process.start();
if ( !process.waitForStarted() )
{
@ -191,7 +226,7 @@ System::runCommand(
cDebug() << "Finished. Exit code:" << r;
if ( ( r != 0 ) || Calamares::Settings::instance()->debugMode() )
{
cDebug() << "Target cmd:" << args;
cDebug() << "Target cmd:" << RedactedList( args );
cDebug().noquote().nospace() << "Target output:\n" << output;
}
return ProcessResult(r, output);