From 059d05f702db9b25a2cc959f1a20cbb93d39c336 Mon Sep 17 00:00:00 2001 From: Erwan Le Goas Date: Thu, 29 Sep 2022 10:31:18 +0200 Subject: [PATCH] MINOR: config: Add other keywords when dump the anonymized configuration file Add keywords recognized during the dump of the configuration file, these keywords are followed by sensitive information. Remove the condition 'localhost' for the second argument of keyword 'server', consider as not essential and can disturb when comparing it in cli section (there is no exception 'localhost'). No backport needed, except if anonymization mechanism is backported. --- src/cfgparse.c | 71 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 64 insertions(+), 7 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index a2e86f518b..d0cca04983 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -2010,14 +2010,8 @@ next_line: } else if (strcmp(args[0], "server") == 0) { - qfprintf(stdout, "%s ", args[0]); + qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1])); - if (strcmp(args[1], "localhost") == 0) { - qfprintf(stdout, "%s ", args[1]); - } - else { - qfprintf(stdout, "%s ", HA_ANON_ID(g_key, args[1])); - } if (arg > 2) { qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1)); } @@ -2091,6 +2085,69 @@ next_line: qfprintf(stdout, "%s %s\n", args[0], HA_ANON_ID(g_key, args[1])); } + else if (strcmp(args[0], "source") == 0) { + qfprintf(stdout, "%s %s ", args[0], hash_ipanon(g_key, args[1], 1)); + + if (arg > 2) { + qfprintf(stdout, "[...]"); + } + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "nameserver") == 0) { + qfprintf(stdout, "%s %s %s ", args[0], + HA_ANON_ID(g_key, args[1]), hash_ipanon(g_key, args[2], 1)); + if (arg > 3) { + qfprintf(stdout, "[...]"); + } + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-request") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-response") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-after-response") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "filter") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "errorfile") == 0) { + qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_PATH(g_key, args[2])); + } + + else if (strcmp(args[0], "cookie") == 0) { + qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1])); + if (arg > 2) + qfprintf(stdout, "%s ", args[2]); + if (arg > 3) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "stats") == 0 && strcmp(args[1], "auth") == 0) { + qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_STR(g_key, args[2])); + } + else { /* display up to 3 words and mask the rest which might be confidential */ for (i = 0; i < MIN(arg, 3); i++) { -- 2.47.3