--- /dev/null
+[sec] tmark
+ Removed logging of database password as clear
+ text when kea-dhcp4 or kea-dhcp6 initialize
+ the schema.
+ (Gitlab #4086)
~ProcessSpawnImpl();
/// @brief Returns full command line, including arguments, for the process.
- std::string getCommandLine() const;
+ /// @param redact_args list of arguments to redact.
+ std::string getCommandLine(std::unordered_set<std::string> redact_args = {}) const;
/// @brief Spawn the new process.
///
}
std::string
-ProcessSpawnImpl::getCommandLine() const {
+ProcessSpawnImpl::getCommandLine(std::unordered_set<std::string> redact_args /* = {} */) const {
std::ostringstream s;
s << executable_;
// Start with index 1, because the first argument duplicates the
// path to the executable. Note, that even if there are no parameters
// the minimum size of the table is 2.
int i = 1;
+ bool redact_next = false;
while (args_[i] != NULL) {
- s << " " << args_[i];
+ if (redact_next) {
+ s << " " << "*****";
+ redact_next = false;
+ } else {
+ if (redact_args.contains(args_[i])) {
+ redact_next = true;
+ }
+
+ s << " " << args_[i];
+ }
+
++i;
}
return (s.str());
}
std::string
-ProcessSpawn::getCommandLine() const {
- return (impl_->getCommandLine());
+ProcessSpawn::getCommandLine(std::unordered_set<std::string> redact_args /* = {} */) const {
+ return (impl_->getCommandLine(redact_args));
}
pid_t
#include <vector>
#include <boost/shared_ptr.hpp>
+#include <unordered_set>
+
namespace isc {
namespace asiolink {
~ProcessSpawn() = default;
/// @brief Returns full command line, including arguments, for the process.
- std::string getCommandLine() const;
+ ///
+ /// @param redact_args list of arguments to redact
+ std::string getCommandLine(std::unordered_set<std::string> redact_args = {}) const;
/// @brief Spawn the new process.
///
EXPECT_EQ(34, process.getExitStatus(pid));
}
+// This test verifies that the full command line for the process is
+// returned with specific arguments redacted.
+TEST_F(ProcessSpawnTest, getCommandLineRedacted) {
+ {
+ // Case 1: arguments present.
+ ProcessArgs args;
+ args.push_back("db-init");
+ args.push_back("mysql");
+ args.push_back("--host");
+ args.push_back("example.com");
+ args.push_back("--user");
+ args.push_back("someone");
+ args.push_back("--password");
+ args.push_back("sesame");
+ args.push_back("--other");
+ args.push_back("stuff");
+ args.push_back("foo");
+
+ ProcessSpawn process(ProcessSpawn::ASYNC, TEST_SCRIPT_SH, args);
+ std::string expected = TEST_SCRIPT_SH;
+ expected += " db-init mysql --host example.com --user ***** --password ***** --other stuff foo";
+ std::unordered_set<std::string> redact_args = { "--user", "--password", "--not-there" };
+ EXPECT_EQ(expected, process.getCommandLine(redact_args));
+ }
+}
+
} // end of anonymous namespace
// Run.
ProcessSpawn kea_admin(ProcessSpawn::SYNC, KEA_ADMIN_, kea_admin_parameters, vars,
/* inherit_env = */ true);
- DB_LOG_INFO(MYSQL_INITIALIZE_SCHEMA).arg(kea_admin.getCommandLine());
+ DB_LOG_INFO(MYSQL_INITIALIZE_SCHEMA)
+ .arg(kea_admin.getCommandLine(std::unordered_set<std::string>{"--user", "--password"}));
pid_t const pid(kea_admin.spawn());
if (kea_admin.isRunning(pid)) {
isc_throw(SchemaInitializationFailed, "kea-admin still running");
// Run.
ProcessSpawn kea_admin(ProcessSpawn::SYNC, KEA_ADMIN_, kea_admin_parameters, vars,
/* inherit_env = */ true);
- DB_LOG_INFO(PGSQL_INITIALIZE_SCHEMA).arg(kea_admin.getCommandLine());
+ DB_LOG_INFO(PGSQL_INITIALIZE_SCHEMA)
+ .arg(kea_admin.getCommandLine(std::unordered_set<std::string>{"--user", "--password"}));
pid_t const pid(kea_admin.spawn());
if (kea_admin.isRunning(pid)) {
isc_throw(SchemaInitializationFailed, "kea-admin still running");
projects / thirdparty / kea.git / commitdiff
