Redact secure options in check --report.
For this to be practically useful secure options must be redacted. Otherwise, no user is likely to share the report.

Since this feature is still internal, there is no real world impact.
dwsteele committed Mar 12, 2024
1 parent ff47450 commit de55902
Showing 2 changed files with 14 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/command/check/report.c
Expand Up @@ -48,6 +48,7 @@ checkReportConfigVal(JsonWrite *const json, const String *const optionName, cons
if (option.multi)
{
ASSERT(strLstSize(valueList) >= 1);
ASSERT(!cfgParseOptionSecure(option.id));

// Split environment values
if (env)
Expand All @@ -68,7 +69,11 @@ checkReportConfigVal(JsonWrite *const json, const String *const optionName, cons
else
{
ASSERT(strLstSize(valueList) == 1);
jsonWriteStr(json, strLstGet(valueList, 0));

if (cfgParseOptionSecure(option.id))
jsonWriteStr(json, strNewFmt("<%s>", strZ(optionName)));
else
jsonWriteStr(json, strLstGet(valueList, 0));
}
}

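Review bot: In the multi-value branch the only guard against leaking a secure option is `ASSERT(!cfgParseOptionSecure(option.id));`, and if ASSERT is compiled out of release builds (as debug assertions usually are) a secure option that later becomes multi-value would be written to the report verbatim. Redaction should fail closed: test `cfgParseOptionSecure(option.id)` once before `if (option.multi)` and write the `<option-name>` placeholder there, so neither branch can emit a secure value. A comment above the placeholder write, such as `// Redact secure options so the report can be shared without exposing secrets`, would also record why the value is replaced. checkReportConfigVal starts and ends outside the visible hunks, so how unrecognized option names are reported cannot be checked from here.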
8 changes: 8 additions & 0 deletions test/src/module/command/checkTest.c
Expand Up @@ -38,6 +38,8 @@ testRun(void)
storageTest, "pgbackrest.conf",
"[global]\n"
"repo1-path=" TEST_PATH "/repo1\n"
"repo1-cipher-type=aes-256-cbc\n"
"repo1-cipher-pass=ULmO7pKuimOzPEqHH9HUqQln\n"
"repo1-block=y\n"
"no-repo1-block=bogus\n"
"bogus=y\n"
Expand Down Expand Up @@ -156,6 +158,12 @@ testRun(void)
"\"repo1-block\":{"
"\"val\":\"y\""
"},"
"\"repo1-cipher-pass\":{"
"\"val\":\"<repo1-cipher-pass>\""
"},"
"\"repo1-cipher-type\":{"
"\"val\":\"aes-256-cbc\""
"},"
"\"repo1-path\":{"
"\"val\":\"" TEST_PATH "/repo1\""
"}"
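Review bot: The fixture only exercises redaction for a secure option read from the config file, while the `if (env)` branch in checkReportConfigVal shows that values can also arrive from the environment, which is where passphrases are often supplied. Unless another part of testRun already covers it, add a case that sets repo1-cipher-pass through the environment and expects `"val":"<repo1-cipher-pass>"` there as well. A short comment next to the `repo1-cipher-pass=` line, e.g. `// Dummy passphrase used only to verify redaction`, would make clear the literal is a throwaway test value. testRun's body continues outside both hunks.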
