Skip to content

Don't echo encrypted sudo password in askpass error#3098

Merged
liquidsec merged 1 commit into
devfrom
sudo-askpass-no-ciphertext-in-error
May 15, 2026
Merged

Don't echo encrypted sudo password in askpass error#3098
liquidsec merged 1 commit into
devfrom
sudo-askpass-no-ciphertext-in-error

Conversation

@liquidsec

Copy link
Copy Markdown
Collaborator

Drops the ciphertext blob from the askpass decryption-failure message. Defense-in-depth; the encrypted blob has no diagnostic value on its own and shouldn't be in logs. Supersedes #3029 (unsigned CLA).

@codecov

codecov Bot commented May 15, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 90%. Comparing base (e892c8c) to head (9a84da7).
⚠️ Report is 2 commits behind head on dev.

Files with missing lines Patch % Lines
bbot/core/helpers/depsinstaller/sudo_askpass.py 0% 1 Missing ⚠️
Additional details and impacted files
@@          Coverage Diff          @@
##             dev   #3098   +/-   ##
=====================================
- Coverage     90%     90%   -0%     
=====================================
  Files        444     444           
  Lines      38338   38338           
=====================================
- Hits       34284   34281    -3     
- Misses      4054    4057    +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions

Copy link
Copy Markdown
Contributor

📊 Performance Benchmark Report

Comparing dev (baseline) vs sudo-askpass-no-ciphertext-in-error (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name 📏 Base 📏 Current 📈 Change 🎯 Status
Bloom Filter Dns Mutation Tracking Performance 4.17ms 4.14ms -0.9%
Bloom Filter Large Scale Dns Brute Force 17.88ms 17.75ms -0.7%
Large Closest Match Lookup 354.55ms 354.18ms -0.1%
Realistic Closest Match Workload 188.65ms 188.39ms -0.1%
Event Memory Medium Scan 1782 B/event 1784 B/event +0.1%
Event Memory Large Scan 1768 B/event 1768 B/event +0.0%
Event Validation Full Scan Startup Small Batch 426.98ms 411.55ms -3.6%
Event Validation Full Scan Startup Large Batch 591.85ms 590.09ms -0.3%
Make Event Autodetection Small 31.36ms 30.49ms -2.8%
Make Event Autodetection Large 314.75ms 312.37ms -0.8%
Make Event Explicit Types 13.84ms 13.71ms -0.9%
Excavate Single Thread Small 4.021s 3.939s -2.0%
Excavate Single Thread Large 9.679s 9.590s -0.9%
Excavate Parallel Tasks Small 4.192s 4.182s -0.2%
Excavate Parallel Tasks Large 6.639s 6.644s +0.1%
Is Ip Performance 3.17ms 3.20ms +1.0%
Make Ip Type Performance 11.67ms 11.64ms -0.3%
Mixed Ip Operations 4.46ms 4.50ms +0.9%
Memory Use Web Crawl 664.1 MB 652.7 MB -1.7%
Memory Use Subdomain Enum 33.3 MB 33.3 MB +0.0%
Memory Use Deep Chain 7.8 MB 7.8 MB +0.0%
Memory Use Parallel Chains 20.6 MB 22.1 MB +7.2%
Scan Throughput 100 4.217s 4.294s +1.8%
Scan Throughput 1000 32.821s 32.669s -0.5%
Typical Queue Shuffle 64.13µs 63.01µs -1.7%
Priority Queue Shuffle 732.61µs 720.12µs -1.7%

🎯 Performance Summary

No significant performance changes detected (all changes <10%)


🐍 Python Version 3.11.15

@liquidsec liquidsec merged commit d2deb4c into dev May 15, 2026
19 of 20 checks passed
@liquidsec liquidsec deleted the sudo-askpass-no-ciphertext-in-error branch May 15, 2026 16:34
@liquidsec liquidsec mentioned this pull request Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants