diff --git a/sos/report/plugins/apt.py b/sos/report/plugins/apt.py index 36b3bf1cfb..857a11b6fe 100644 --- a/sos/report/plugins/apt.py +++ b/sos/report/plugins/apt.py @@ -47,16 +47,20 @@ def setup(self): def postproc(self): super().postproc() - self.do_file_sub( + + common_regex = r"(http(s)?://)\S+:\S+(@.*)" + common_replace = r"\1******:******\3" + + files_to_sub = [ "/etc/apt/sources.list", - r"(deb\shttp(s)?://)\S+:\S+(@.*)", - r"\1******:******\3" - ) - self.do_path_regex_sub( "/etc/apt/sources.list.d/", - r"(deb\shttp(s)?://)\S+:\S+(@.*)", - r"\1******:******\3" - ) + "/etc/apt/apt.conf", + "/etc/apt/apt.conf.d/", + ] + for file in files_to_sub: + self.do_path_regex_sub( + file, common_regex, common_replace + ) # vim: set et ts=4 sw=4 : diff --git a/tests/report_tests/plugin_tests/apt/apt-proxy.conf b/tests/report_tests/plugin_tests/apt/apt-proxy.conf new file mode 100644 index 0000000000..26e954bcaf --- /dev/null +++ b/tests/report_tests/plugin_tests/apt/apt-proxy.conf @@ -0,0 +1,3 @@ +Acquire::http::proxy "http://username:somesecretpassword@10.0.0.254:80"; +Acquire::https::proxy "http://username:somesecretpassword@10.0.0.254:80"; +Acquire::ftp::proxy "http://username:somesecretpassword@10.0.0.254:80"; diff --git a/tests/report_tests/plugin_tests/apt/apt-sources.list b/tests/report_tests/plugin_tests/apt/apt-sources.list new file mode 100644 index 0000000000..4315744de9 --- /dev/null +++ b/tests/report_tests/plugin_tests/apt/apt-sources.list @@ -0,0 +1 @@ +deb http://username:somesecretpassword@archive.example.com/ubuntu jammy main diff --git a/tests/report_tests/plugin_tests/apt/apt-sources.sources b/tests/report_tests/plugin_tests/apt/apt-sources.sources new file mode 100644 index 0000000000..85d8408f5a --- /dev/null +++ b/tests/report_tests/plugin_tests/apt/apt-sources.sources @@ -0,0 +1,4 @@ +Types: deb +URIs: http://username:somesecretpassword@archive.example.com/ubuntu +Suites: jammy +Components: main diff --git a/tests/report_tests/plugin_tests/apt/apt.py b/tests/report_tests/plugin_tests/apt/apt.py new file mode 100644 index 0000000000..d8076fc236 --- /dev/null +++ b/tests/report_tests/plugin_tests/apt/apt.py @@ -0,0 +1,45 @@ +# Copyright (C) 2024 Canonical Ltd., Arif Ali +# +# This file is part of the sos project: https://github.com/sosreport/sos +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions of +# version 2 of the GNU General Public License. +# +# See the LICENSE file in the source distribution for further information. + +from sos_tests import StageTwoReportTest + + +class AptConfScrubTest(StageTwoReportTest): + """Ensure that sources.list and apt conf are picked up and properly + scrubbed + + :avocado: tags=stagetwo + """ + + sos_cmd = '-o apt' + ubuntu_only = True + files = [ + ('apt-proxy.conf', '/etc/apt/apt.conf.d/50-apt-proxy'), + ('apt-sources.list', '/etc/apt/sources.list'), + ('apt-sources.sources', '/etc/apt/sources.list.d/ubuntu.sources'), + ] + + def test_apt_sources_and_apt_confs_collected(self): + self.assertFileCollected('/etc/apt/apt.conf.d/50-apt-proxy') + self.assertFileCollected('/etc/apt/sources.list') + self.assertFileCollected('/etc/apt/ubuntu.sources') + + def test_apt_sources_and_proxy_scrubbed(self): + # Ensure that we scrubbed all passwords + files_to_check = [ + '/etc/apt/apt.conf.d/50-apt-proxy', + '/etc/apt/sources.list', + '/etc/apt/sources.list.d/ubuntu.sources', + ] + password = 'somesecretpassword' + for file in files_to_check: + self.assertFileNotHasContent(file, password) + +# vim: set et ts=4 sw=4 :