[libcalamares] Sanitize logging

This commit is contained in:
Adriaan de Groot 2019-04-15 10:44:13 -04:00
parent 93be1a6582
commit 329bd36929

View File

@ -38,6 +38,41 @@
#include <sys/sysctl.h> #include <sys/sysctl.h>
#endif #endif
/** @brief When logging commands, don't log everything.
*
* The command-line arguments to some commands may contain the
* encrypted password set by the user. Don't log that password,
* since the log may get posted to bug reports, or stored in
* the target system.
*/
struct RedactedList
{
RedactedList( const QStringList& l )
: list(l)
{
}
const QStringList& list;
} ;
QDebug&
operator<<( QDebug& s, const RedactedList& l )
{
// Special case logging: don't log the (encrypted) password.
if ( l.list.contains( "usermod" ) )
{
for ( const auto& item : l.list )
if ( item.startsWith( "$6$" ) )
s << "<password>";
else
s << item;
}
else
s << l.list;
return s;
}
namespace CalamaresUtils namespace CalamaresUtils
{ {
@ -158,7 +193,7 @@ System::runCommand(
return -3; return -3;
} }
cDebug() << "Running" << program << arguments; cDebug() << "Running" << program << RedactedList( arguments );
process.start(); process.start();
if ( !process.waitForStarted() ) if ( !process.waitForStarted() )
{ {
@ -191,7 +226,7 @@ System::runCommand(
cDebug() << "Finished. Exit code:" << r; cDebug() << "Finished. Exit code:" << r;
if ( ( r != 0 ) || Calamares::Settings::instance()->debugMode() ) if ( ( r != 0 ) || Calamares::Settings::instance()->debugMode() )
{ {
cDebug() << "Target cmd:" << args; cDebug() << "Target cmd:" << RedactedList( args );
cDebug().noquote().nospace() << "Target output:\n" << output; cDebug().noquote().nospace() << "Target output:\n" << output;
} }
return ProcessResult(r, output); return ProcessResult(r, output);