Bug 1232578: Do not save hashed passwords in audit_log

r=dkl

diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index bb82f5e2d025cd0bdcdc30562db610dc852989dd..8af0eeb12921a346db052964f5d8b8df45a766f5 100644 (file)
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
@@ -745,6 +745,9 @@ sub update_table_definitions {
     $dbh->bz_add_index('bz_schema', 'bz_schema_version_idx',
                        {FIELDS => ['version'], TYPE => 'UNIQUE'});
 
+    # 2015-12-16 LpSolit@gmail.com - Bug 1232578
+    _sanitize_audit_log_table();
+
     ################################################################
     # New --TABLE-- changes should go *** A B O V E *** this point #
     ################################################################
@@ -3930,6 +3933,30 @@ sub _update_alias {
     $dbh->bz_drop_column('bugs', 'alias');
 }
 
+sub _sanitize_audit_log_table {
+    my $dbh = Bugzilla->dbh;
+
+    # Replace hashed passwords by a generic comment.
+    my $class = 'Bugzilla::User';
+    my $field = 'cryptpassword';
+
+    my $hashed_passwd =
+      $dbh->selectcol_arrayref('SELECT added FROM audit_log WHERE class = ? AND field = ?
+                                AND ' . $dbh->sql_not_ilike('hashed_with_', 'added'),
+                                undef, ($class, $field));
+    if (@$hashed_passwd) {
+        say "Sanitizing hashed passwords stored in the 'audit_log' table...";
+        my $sth = $dbh->prepare('UPDATE audit_log SET added = ?
+                                 WHERE class = ? AND field = ? AND added = ?');
+
+        foreach my $passwd (@$hashed_passwd) {
+            my (undef, $sanitized_passwd) =
+              Bugzilla::Object::_sanitize_audit_log($class, $field, [undef, $passwd]);
+            $sth->execute($sanitized_passwd, $class, $field, $passwd);
+        }
+    }
+}
+
 1;
 
 __END__

diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 8f25e2b20c20394e7b26047c127698ca4f06fa10..d43c8ca34f94c2e234430b8900716cd09d70d637 100644 (file)
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -599,11 +599,29 @@ sub audit_log {
     foreach my $field (keys %$changes) {
         # Skip private changes.
         next if $field =~ /^_/;
-        my ($from, $to) = @{ $changes->{$field} };
+        my ($from, $to) = $self->_sanitize_audit_log($field, $changes->{$field});
         $sth->execute($user_id, $class, $self->id, $field, $from, $to);
     }
 }
 
+sub _sanitize_audit_log {
+    my ($self, $field, $changes) = @_;
+    my $class = ref($self) || $self;
+
+    # Do not store hashed passwords. Only record the algorithm used to encode them.
+    if ($class eq 'Bugzilla::User' && $field eq 'cryptpassword') {
+        foreach my $passwd (@$changes) {
+            next unless $passwd;
+            my $algorithm = 'unknown_algorithm';
+            if ($passwd =~ /{([^}]+)}$/) {
+                $algorithm = $1;
+            }
+            $passwd = "hashed_with_$algorithm";
+        }
+    }
+    return @$changes;
+}
+
 sub flatten_to_hash {
     my $self = shift;
     my $class = blessed($self);