[#4086] Addressed review comments

modified:   changelog_unreleased/4086-password-leaked-to-logs
modified:   src/lib/asiolink/process_spawn.cc
modified:   src/lib/asiolink/tests/process_spawn_unittest.cc
modified:   src/lib/mysql/mysql_connection.cc
modified:   src/lib/pgsql/pgsql_connection.cc

diff --git a/changelog_unreleased/4086-password-leaked-to-logs b/changelog_unreleased/4086-password-leaked-to-logs
index 386a631dd21230f500e46b5e4377eb402f3d5ba3..b015deec3a29f6bd7e7e0f0339214c4a2441a0fa 100644 (file)
--- a/changelog_unreleased/4086-password-leaked-to-logs
+++ b/changelog_unreleased/4086-password-leaked-to-logs
@@ -1,5 +1,5 @@
 [sec]          tmark
        Removed logging of database password as clear
-       text when kea-dhcp4 or kea-dhcp6 initialize
+       text when kea-dhcp4 or kea-dhcp6 initializes
        the schema.
        (Gitlab #4086)

diff --git a/src/lib/asiolink/process_spawn.cc b/src/lib/asiolink/process_spawn.cc
index 5bc868d01eafdee091827e7990e2c1c1425da007..51cf1f0c3b0e853a6b28f7927ae28b0457602be2 100644 (file)
--- a/src/lib/asiolink/process_spawn.cc
+++ b/src/lib/asiolink/process_spawn.cc
@@ -93,6 +93,7 @@ public:
     ~ProcessSpawnImpl();
 
     /// @brief Returns full command line, including arguments, for the process.
+    ///
     /// @param redact_args list of arguments to redact.
     std::string getCommandLine(std::unordered_set<std::string> redact_args = {}) const;
 

diff --git a/src/lib/asiolink/tests/process_spawn_unittest.cc b/src/lib/asiolink/tests/process_spawn_unittest.cc
index 10a898c21b654d536bf83166dcc6f73e106a6a02..365a51bed7dbc3956bac0fc14e28cbe37a6c2729 100644 (file)
--- a/src/lib/asiolink/tests/process_spawn_unittest.cc
+++ b/src/lib/asiolink/tests/process_spawn_unittest.cc
@@ -582,27 +582,25 @@ TEST_F(ProcessSpawnTest, inheritEnvWithParentVarSync) {
 // This test verifies that the full command line for the process is
 // returned with specific arguments redacted.
 TEST_F(ProcessSpawnTest, getCommandLineRedacted) {
-    {
-        // Case 1: arguments present.
-        ProcessArgs args;
-        args.push_back("db-init");
-        args.push_back("mysql");
-        args.push_back("--host");
-        args.push_back("example.com");
-        args.push_back("--user");
-        args.push_back("someone");
-        args.push_back("--password");
-        args.push_back("sesame");
-        args.push_back("--other");
-        args.push_back("stuff");
-        args.push_back("foo");
+    // Case 1: arguments present.
+    ProcessArgs args;
+    args.push_back("db-init");
+    args.push_back("mysql");
+    args.push_back("--host");
+    args.push_back("example.com");
+    args.push_back("--user");
+    args.push_back("someone");
+    args.push_back("--password");
+    args.push_back("sesame");
+    args.push_back("--other");
+    args.push_back("stuff");
+    args.push_back("foo");
 
-        ProcessSpawn process(ProcessSpawn::ASYNC, TEST_SCRIPT_SH, args);
-        std::string expected = TEST_SCRIPT_SH;
-        expected += " db-init mysql --host example.com --user ***** --password ***** --other stuff foo";
-        std::unordered_set<std::string> redact_args = { "--user", "--password", "--not-there" };
-        EXPECT_EQ(expected, process.getCommandLine(redact_args));
-    }
+    ProcessSpawn process(ProcessSpawn::ASYNC, TEST_SCRIPT_SH, args);
+    std::string expected = TEST_SCRIPT_SH;
+    expected += " db-init mysql --host example.com --user ***** --password ***** --other stuff foo";
+    std::unordered_set<std::string> redact_args = { "--user", "--password", "--not-there" };
+    EXPECT_EQ(expected, process.getCommandLine(redact_args));
 }
 
 } // end of anonymous namespace

diff --git a/src/lib/mysql/mysql_connection.cc b/src/lib/mysql/mysql_connection.cc
index 8dc0c315a3f133257084988f021d38f8d966d0a1..8874f9503c8e8baf31cc52503dbbab0bab92eee7 100644 (file)
--- a/src/lib/mysql/mysql_connection.cc
+++ b/src/lib/mysql/mysql_connection.cc
@@ -478,7 +478,7 @@ MySqlConnection::initializeSchema(const ParameterMap& parameters) {
     ProcessSpawn kea_admin(ProcessSpawn::SYNC, KEA_ADMIN_, kea_admin_parameters, vars,
                            /* inherit_env = */ true);
     DB_LOG_INFO(MYSQL_INITIALIZE_SCHEMA)
-        .arg(kea_admin.getCommandLine(std::unordered_set<std::string>{"--user", "--password"}));
+        .arg(kea_admin.getCommandLine(std::unordered_set<std::string>{"--password"}));
     pid_t const pid(kea_admin.spawn());
     if (kea_admin.isRunning(pid)) {
         isc_throw(SchemaInitializationFailed, "kea-admin still running");

diff --git a/src/lib/pgsql/pgsql_connection.cc b/src/lib/pgsql/pgsql_connection.cc
index cf8d82410e0261ce6471935a4ca24e12685ace38..b8146f708b61f15c466527b851a0ca589e8ffa07 100644 (file)
--- a/src/lib/pgsql/pgsql_connection.cc
+++ b/src/lib/pgsql/pgsql_connection.cc
@@ -234,7 +234,7 @@ PgSqlConnection::initializeSchema(const ParameterMap& parameters) {
     ProcessSpawn kea_admin(ProcessSpawn::SYNC, KEA_ADMIN_, kea_admin_parameters, vars,
                            /* inherit_env = */ true);
     DB_LOG_INFO(PGSQL_INITIALIZE_SCHEMA)
-        .arg(kea_admin.getCommandLine(std::unordered_set<std::string>{"--user", "--password"}));
+        .arg(kea_admin.getCommandLine(std::unordered_set<std::string>{"--password"}));
     pid_t const pid(kea_admin.spawn());
     if (kea_admin.isRunning(pid)) {
         isc_throw(SchemaInitializationFailed, "kea-admin still running");