From 059d05f702db9b25a2cc959f1a20cbb93d39c336 Mon Sep 17 00:00:00 2001 From: Erwan Le Goas Date: Thu, 29 Sep 2022 10:31:18 +0200 Subject: [PATCH] MINOR: config: Add other keywords when dump the anonymized configuration file Add keywords recognized during the dump of the configuration file, these keywords are followed by sensitive information. Remove the condition 'localhost' for the second argument of keyword 'server', consider as not essential and can disturb when comparing it in cli section (there is no exception 'localhost'). No backport needed, except if anonymization mechanism is backported. --- src/cfgparse.c | 71 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 64 insertions(+), 7 deletions(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index a2e86f518..d0cca0498 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -2010,14 +2010,8 @@ int readcfgfile(const char *file) } else if (strcmp(args[0], "server") == 0) { - qfprintf(stdout, "%s ", args[0]); + qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1])); - if (strcmp(args[1], "localhost") == 0) { - qfprintf(stdout, "%s ", args[1]); - } - else { - qfprintf(stdout, "%s ", HA_ANON_ID(g_key, args[1])); - } if (arg > 2) { qfprintf(stdout, "%s ", hash_ipanon(g_key, args[2], 1)); } @@ -2091,6 +2085,69 @@ int readcfgfile(const char *file) qfprintf(stdout, "%s %s\n", args[0], HA_ANON_ID(g_key, args[1])); } + else if (strcmp(args[0], "source") == 0) { + qfprintf(stdout, "%s %s ", args[0], hash_ipanon(g_key, args[1], 1)); + + if (arg > 2) { + qfprintf(stdout, "[...]"); + } + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "nameserver") == 0) { + qfprintf(stdout, "%s %s %s ", args[0], + HA_ANON_ID(g_key, args[1]), hash_ipanon(g_key, args[2], 1)); + if (arg > 3) { + qfprintf(stdout, "[...]"); + } + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-request") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-response") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "http-after-response") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "filter") == 0) { + qfprintf(stdout, "%s %s ", args[0], args[1]); + if (arg > 2) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "errorfile") == 0) { + qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_PATH(g_key, args[2])); + } + + else if (strcmp(args[0], "cookie") == 0) { + qfprintf(stdout, "%s %s ", args[0], HA_ANON_ID(g_key, args[1])); + if (arg > 2) + qfprintf(stdout, "%s ", args[2]); + if (arg > 3) + qfprintf(stdout, "[...]"); + qfprintf(stdout, "\n"); + } + + else if (strcmp(args[0], "stats") == 0 && strcmp(args[1], "auth") == 0) { + qfprintf(stdout, "%s %s %s\n", args[0], args[1], HA_ANON_STR(g_key, args[2])); + } + else { /* display up to 3 words and mask the rest which might be confidential */ for (i = 0; i < MIN(arg, 3); i++) {