From 23182c4f13fbadc9b7c2ab75c1ca249d5ba987d1 Mon Sep 17 00:00:00 2001
From: "Bryn M. Reeves" <bmr@redhat.com>
Date: Mon, 2 Jun 2014 14:55:03 +0100
Subject: [PATCH] Elide bootloader password in grub plugin

The grub.conf configuration file collected by the grub plugin may
contain a plaintext or md5 hashed bootloader password. Add a regex
substitution for all files matching '.*\/grub\.conf' and replace
the password with '*'s.

Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
---
 sos/plugins/grub.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sos/plugins/grub.py b/sos/plugins/grub.py
index 3911041938..33b9f7a8d1 100644
--- a/sos/plugins/grub.py
+++ b/sos/plugins/grub.py
@@ -30,4 +30,11 @@ def setup(self):
             "/etc/grub.d"
         ])
 
+    def postproc(self):
+        self.do_path_regex_sub(
+            r".*\/grub.conf",
+            r"(password)\s(--md5)\s(.*)",
+            r"\1 \2 ********"
+        )
+
 # vim: et ts=4 sw=4