From de55902fb3f92758c4784e6fc06a69466e656ec3 Mon Sep 17 00:00:00 2001 From: David Steele Date: Wed, 13 Mar 2024 12:06:23 +1300 Subject: [PATCH] Redact secure options in check --report. For this to be practically useful secure options must be redacted. Otherwise, no user is likely to share the report. Since this feature is still internal, there is no real world impact. --- src/command/check/report.c | 7 ++++++- test/src/module/command/checkTest.c | 8 ++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/command/check/report.c b/src/command/check/report.c index 99b7fc8bc..1b8184041 100644 --- a/src/command/check/report.c +++ b/src/command/check/report.c @@ -48,6 +48,7 @@ checkReportConfigVal(JsonWrite *const json, const String *const optionName, cons if (option.multi) { ASSERT(strLstSize(valueList) >= 1); + ASSERT(!cfgParseOptionSecure(option.id)); // Split environment values if (env) @@ -68,7 +69,11 @@ checkReportConfigVal(JsonWrite *const json, const String *const optionName, cons else { ASSERT(strLstSize(valueList) == 1); - jsonWriteStr(json, strLstGet(valueList, 0)); + + if (cfgParseOptionSecure(option.id)) + jsonWriteStr(json, strNewFmt("<%s>", strZ(optionName))); + else + jsonWriteStr(json, strLstGet(valueList, 0)); } } diff --git a/test/src/module/command/checkTest.c b/test/src/module/command/checkTest.c index 95817b949..25be7c900 100644 --- a/test/src/module/command/checkTest.c +++ b/test/src/module/command/checkTest.c @@ -38,6 +38,8 @@ testRun(void) storageTest, "pgbackrest.conf", "[global]\n" "repo1-path=" TEST_PATH "/repo1\n" + "repo1-cipher-type=aes-256-cbc\n" + "repo1-cipher-pass=ULmO7pKuimOzPEqHH9HUqQln\n" "repo1-block=y\n" "no-repo1-block=bogus\n" "bogus=y\n" @@ -156,6 +158,12 @@ testRun(void) "\"repo1-block\":{" "\"val\":\"y\"" "}," + "\"repo1-cipher-pass\":{" + "\"val\":\"\"" + "}," + "\"repo1-cipher-type\":{" + "\"val\":\"aes-256-cbc\"" + "}," "\"repo1-path\":{" "\"val\":\"" TEST_PATH "/repo1\"" "}"