db/pgbackrest
1
0
Fork 0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2025-03-03 14:52:21 +02:00
Code Issues Releases Activity

Redact secure options in the help command.

Browse Source 
Secure options could show up in the help as "current".  While the user must have permissions to see the source of the options (e.g. environment, config file) it's still not a good idea to display them in an unexpected context.

Instead show secure options as <redacted> in the help command.
This commit is contained in:
David Steele 2019-06-24 19:27:13 -04:00
parent c22e10e4a9
commit d7f12f268a
2 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/command/help/help.c
View File

@ -274,7 +274,7 @@ helpRender(void)
strCat(summary, " [");
if (value != NULL)
strCatFmt(summary, "current=%s", strPtr(value));
strCatFmt(summary, "current=%s", cfgDefOptionSecure(optionDefId) ? "<redacted>" : strPtr(value));
if (defaultValue != NULL)
{
@ -344,7 +344,7 @@ helpRender(void)
strCat(result, "\n");
if (value != NULL)
strCatFmt(result, "current: %s\n", strPtr(value));
strCatFmt(result, "current: %s\n", cfgDefOptionSecure(optionDefId) ? "<redacted>" : strPtr(value));
if (defaultValue != NULL)
strCatFmt(result, "default: %s\n", strPtr(defaultValue));

29
test/src/module/command/helpTest.c
View File

@ -183,8 +183,9 @@ testRun(void)
"Repository Options:\n"
"\n"
" --repo-cipher-pass repository cipher passphrase\n"
" [current=<redacted>]\n"
" --repo-cipher-type cipher used to encrypt the repository\n"
" [default=none]\n"
" [current=aes-256-cbc, default=none]\n"
" --repo-host repository host when operating remotely via\n"
" SSH [current=backup.example.net]\n"
" --repo-host-cmd pgBackRest exe path on the repository host\n"
@ -224,12 +225,15 @@ testRun(void)
strLstAddZ(argList, "help");
strLstAddZ(argList, "restore");
strLstAddZ(argList, "--buffer-size=32768");
strLstAddZ(argList, "--repo1-cipher-type=aes-256-cbc");
setenv("PGBACKREST_REPO1_CIPHER_PASS", "supersecret", true);
strLstAddZ(argList, "--repo1-host=backup.example.net");
strLstAddZ(argList, "--link-map=/link1=/dest1");
strLstAddZ(argList, "--link-map=/link2=/dest2");
strLstAddZ(argList, "--db-include=db1");
strLstAddZ(argList, "--db-include=db2");
TEST_RESULT_VOID(configParse(strLstSize(argList), strLstPtr(argList), false), "help for restore command");
unsetenv("PGBACKREST_REPO1_CIPHER_PASS");
TEST_RESULT_STR(strPtr(helpRender()), commandHelp, " check text");
// -------------------------------------------------------------------------------------------------------------------------
@ -308,6 +312,29 @@ testRun(void)
TEST_RESULT_STR(
strPtr(helpRender()), strPtr(strNewFmt("%s\ncurrent: s3-host\n", optionHelp)), " check text");
// -------------------------------------------------------------------------------------------------------------------------
optionHelp = strPtr(strNewFmt(
"%s - 'archive-push' command - 'repo-cipher-pass' option help\n"
"\n"
"Repository cipher passphrase.\n"
"\n"
"Passphrase used to encrypt/decrypt files of the repository.\n"
"\n"
"current: <redacted>\n",
helpVersion));
argList = strLstNew();
strLstAddZ(argList, "/path/to/pgbackrest");
strLstAddZ(argList, "help");
strLstAddZ(argList, "--repo1-cipher-type=aes-256-cbc");
setenv("PGBACKREST_REPO1_CIPHER_PASS", "supersecret", true);
strLstAddZ(argList, "archive-push");
strLstAddZ(argList, "repo-cipher-pass");
TEST_RESULT_VOID(
configParse(strLstSize(argList), strLstPtr(argList), false), "help for archive-push command, repo1-s3-host option");
unsetenv("PGBACKREST_REPO1_CIPHER_PASS");
TEST_RESULT_STR(strPtr(helpRender()), optionHelp, " check text");
// -------------------------------------------------------------------------------------------------------------------------
optionHelp = strPtr(strNewFmt(
"%s - 'backup' command - 'repo-hardlink' option help\n"