From: Jason Ish <ish@unx.ca>
Date: Tue, 28 Nov 2017 22:44:47 +0000 (-0600)
Subject: logging: add secret masking
X-Git-Tag: 1.0.0a1~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5219fd1edeb05a0ff77595cf7a55e2ab7bf5b138;p=thirdparty%2Fsuricata-update.git

logging: add secret masking

Allows strings to be registered that will be masked
in the log output.
---

diff --git a/suricata/update/loghandler.py b/suricata/update/loghandler.py
index cf460a3..d985777 100644
--- a/suricata/update/loghandler.py
+++ b/suricata/update/loghandler.py
@@ -18,6 +18,15 @@
 import logging
 import time
 
+# A list of secrets that will be replaced in the log output.
+secrets = {}
+
+def add_secret(secret, replacement):
+    """Register a secret to be masked. The secret will be replaced with:
+           <replacement>
+    """
+    secrets[str(secret)] = str(replacement)
+
 class SuriColourLogHandler(logging.StreamHandler):
     """An alternative stream log handler that logs with Suricata inspired
     log colours."""
@@ -61,5 +70,10 @@ class SuriColourLogHandler(logging.StreamHandler):
             record.levelname.title(),
             self.RESET,
             message_prefix,
-            record.getMessage(),
+            self.mask_secrets(record.getMessage()),
             self.RESET))
+
+    def mask_secrets(self, msg):
+        for secret in secrets:
+            msg = msg.replace(secret, "<%s>" % secrets[secret])
+        return msg