From: Erwan Le Goas Date: Thu, 29 Sep 2022 08:31:18 +0000 (+0200) Subject: MINOR: config: Add other keywords when dump the anonymized configuration file X-Git-Tag: v2.7-dev7~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=059d05f702db9b25a2cc959f1a20cbb93d39c336;p=thirdparty%2Fhaproxy.git MINOR: config: Add other keywords when dump the anonymized configuration file Add keywords recognized during the dump of the configuration file, these keywords are followed by sensitive information. Remove the condition 'localhost' for the second argument of keyword 'server', consider as not essential and can disturb when comparing it in cli section (there is no exception 'localhost'). No backport needed, except if anonymization mechanism is backported. --- diff --git a/src/cfgparse.c b/src/cfgparse.c index a2e86f518b..d0cca04983 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -2010,14 +2010,8 @@ next_line: } else if (strcmp(args[0], "server") == 0) { - qfprintf(stdout, "%s ", args[0]); + qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1])); - if (strcmp(args[1], "localhost") == 0) { - qfprintf(stdout, "%s ", args[1]); - } - else { - qfprintf(stdout, "%s ", HA_ANON_ID(g_key, args[1])); - } if (arg > 2) { qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1)); } @@ -2091,6 +2085,69 @@ next_line: qfprintf(stdout, "%s %s\n", args[0], HA_ANON_ID(g_key, args[1])); } + else if (strcmp(args[0], "source") == 0) { + qfprintf(stdout, "%s %s ", args[0], hash_ipanon(g_key, args[1], 1)); + + if (arg > 2) { + qfprintf(stdout, "[...]"); + } + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "nameserver") == 0) { + qfprintf(stdout, "%s %s %s ", args[0], + HA_ANON_ID(g_key, args[1]), hash_ipanon(g_key, args[2], 1)); + if (arg > 3) { + qfprintf(stdout, "[...]"); + } + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-request") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-response") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-after-response") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "filter") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "errorfile") == 0) { + qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_PATH(g_key, args[2])); + } + + else if (strcmp(args[0], "cookie") == 0) { + qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1])); + if (arg > 2) + qfprintf(stdout, "%s ", args[2]); + if (arg > 3) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "stats") == 0 && strcmp(args[1], "auth") == 0) { + qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_STR(g_key, args[2])); + } + else { /* display up to 3 words and mask the rest which might be confidential */ for (i = 0; i < MIN(arg, 3); i++) {