[foreman] Obfuscate http_proxy passwords. PR-3878 improvement

Improve `do_paths_http_sub` function to replace multiple BASIC_AUTH occurrences on URLs Related: SAT-30137 Closes: #3878 Signed-off-by: Pablo Fernández Rodríguez <[email protected]>
sosreport · Dec 13, 2024 · 89810e3 · 89810e3
1 parent 5f06a1b
commit 89810e3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 12 deletions.
diff --git a/sos/report/plugins/__init__.py b/sos/report/plugins/__init__.py
@@ -1317,9 +1317,9 @@ def do_file_sub(self, srcpath, regexp, subst):
         return replacements
 
     def do_paths_http_sub(self, pathspecs):
-        """ Obfuscate credentials in *_PROXY variables in all files in the
-        given list. Proxy setting without protocol is ignored, since that
-        is not recommended setting and obfuscating that one can hit false
+        """ Obfuscate Basic_AUTH URL credentials in all files in the given
+        list. Proxy setting without protocol is ignored, since that is
+        not recommended setting and obfuscating that one can hit false
         positives.
 
         :param pathspecs: A filepath to obfuscate credentials in
@@ -1329,7 +1329,7 @@ def do_paths_http_sub(self, pathspecs):
             pathspecs = [pathspecs]
         for path in pathspecs:
             self.do_path_regex_sub(
-                path, r"(http(s)?://)\S+:\S+(@.*)", r"\1******:******\3")
+                path, r"http(s)?://\S+:\S+@", r"http\1://******:******@")
 
     def do_path_regex_sub(self, pathexp, regexp, subst):
         """Apply a regexp substituation to a set of files archived by

diff --git a/sos/report/plugins/foreman.py b/sos/report/plugins/foreman.py
@@ -331,14 +331,6 @@ def postproc(self):
         self.do_paths_http_sub([
             '/var/log/foreman/production.log*',
         ])
-        # .. even those appearing TWICE in the logfile, in format (one-line):
-        # Setting (7) update event on value --- https://USER:PASS@foobar:443,\
-        # --- https://USER:PASS@foobar:3128
-        self.do_path_regex_sub(
-            '/var/log/foreman/production.log*',
-            r", --- (http(s)?://)\S+:\S+(@.*)",
-            r"\1******:******\3"
-        )
         # hide proxy credentials from http_proxy setting
         self.do_cmd_output_sub(
             "from settings where",