diff --git a/sos/report/plugins/__init__.py b/sos/report/plugins/__init__.py index dd467d3e3..69b692bf2 100644 --- a/sos/report/plugins/__init__.py +++ b/sos/report/plugins/__init__.py @@ -1317,9 +1317,9 @@ def do_file_sub(self, srcpath, regexp, subst): return replacements def do_paths_http_sub(self, pathspecs): - """ Obfuscate credentials in *_PROXY variables in all files in the - given list. Proxy setting without protocol is ignored, since that - is not recommended setting and obfuscating that one can hit false + """ Obfuscate Basic_AUTH URL credentials in all files in the given + list. Proxy setting without protocol is ignored, since that is + not recommended setting and obfuscating that one can hit false positives. :param pathspecs: A filepath to obfuscate credentials in @@ -1329,7 +1329,7 @@ def do_paths_http_sub(self, pathspecs): pathspecs = [pathspecs] for path in pathspecs: self.do_path_regex_sub( - path, r"(http(s)?://)\S+:\S+(@.*)", r"\1******:******\3") + path, r"http(s)?://\S+:\S+@", r"http\1://******:******@") def do_path_regex_sub(self, pathexp, regexp, subst): """Apply a regexp substituation to a set of files archived by diff --git a/sos/report/plugins/foreman.py b/sos/report/plugins/foreman.py index bd6bb60da..1795b4d73 100644 --- a/sos/report/plugins/foreman.py +++ b/sos/report/plugins/foreman.py @@ -331,14 +331,6 @@ def postproc(self): self.do_paths_http_sub([ '/var/log/foreman/production.log*', ]) - # .. even those appearing TWICE in the logfile, in format (one-line): - # Setting (7) update event on value --- https://USER:PASS@foobar:443,\ - # --- https://USER:PASS@foobar:3128 - self.do_path_regex_sub( - '/var/log/foreman/production.log*', - r", --- (http(s)?://)\S+:\S+(@.*)", - r"\1******:******\3" - ) # hide proxy credentials from http_proxy setting self.do_cmd_output_sub( "from settings where",