geode-commits mailing list archives

From jensde...@apache.org
Subject incubator-geode git commit: GEODE-718: Sanitize passwords in gfsh history file
Date Mon, 04 Jan 2016 17:45:07 GMT
Repository: incubator-geode
Updated Branches:
  refs/heads/develop ca6148aa9 -> 9bca880bf


GEODE-718: Sanitize passwords in gfsh history file


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9bca880b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9bca880b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9bca880b

Branch: refs/heads/develop
Commit: 9bca880bfce2af96c48dc6a36c0c6573431f6345
Parents: ca6148a
Author: Jens Deppe <jdeppe@pivotal.io>
Authored: Wed Dec 30 10:47:33 2015 -0800
Committer: Jens Deppe <jdeppe@pivotal.io>
Committed: Mon Jan 4 09:44:27 2016 -0800

----------------------------------------------------------------------
 .../internal/cli/shell/jline/GfshHistory.java   | 11 ++-
 .../cli/shell/GfshHistoryJUnitTest.java         | 88 ++++++++++++++++++++
 2 files changed, 98 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9bca880b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/jline/GfshHistory.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/jline/GfshHistory.java
b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/jline/GfshHistory.java
index dc3fbe1..5d0d8dc 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/jline/GfshHistory.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/jline/GfshHistory.java
@@ -22,6 +22,8 @@ import jline.console.history.MemoryHistory;
 
 import java.io.File;
 import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * Overrides jline.History to add History without newline characters.
@@ -31,6 +33,9 @@ import java.io.IOException;
  */
 public class GfshHistory extends MemoryHistory {
 
+  // Pattern which is intended to pick up any params containing the word 'password'.
+  private static final Pattern passwordRe = Pattern.compile("(--[^=\\s]*password[^=\\s]*\\s*=\\s*)([^\\s]*)");
+
   // let the history from history file get added initially
   private boolean autoFlush = true;
 
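Review bot: The `passwordRe` pattern added here ends the value at the first whitespace and matches the option name case-sensitively, so part of a secret can still reach the history file. If gfsh accepts quoted values, `--password="my secret"` would come out as `--password=***** secret"`, and an option typed as `--Password=` would not be masked at all. Consider `Pattern.compile("(--[^=\\s]*password[^=\\s]*\\s*=\\s*)(\"[^\"]*\"|'[^']*'|\\S*)", Pattern.CASE_INSENSITIVE)`, and since this is a constant, the name `PASSWORD_RE`. Whether gfsh also accepts a space-separated `--password value` form is not visible in this diff; if it does, that form is not covered either.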
@@ -49,6 +54,10 @@ public class GfshHistory extends MemoryHistory {
   }
   
   public static String toHistoryLoggable(String buffer) {
-    return PreprocessorUtils.trim(buffer, false).getString();
+    String trimmed = PreprocessorUtils.trim(buffer, false).getString();
+
+    Matcher matcher = passwordRe.matcher(trimmed);
+    String sanitized = matcher.replaceAll("$1*****");
+    return sanitized;
   }
 }
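Review bot: `toHistoryLoggable` now alters the command text rather than only trimming it, but nothing on the method says so. Add a Javadoc such as `/** Returns the trimmed command with the value of every option whose name contains "password" replaced by *****, for writing to the history file. */` so callers do not treat the result as the original command. The locals can also collapse to `return passwordRe.matcher(trimmed).replaceAll("$1*****");`. Masking happens only in this method; whether every write to the history file, and the in-memory history kept by `MemoryHistory`, goes through it is not visible in the hunk and is worth confirming.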

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9bca880b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshHistoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshHistoryJUnitTest.java
b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshHistoryJUnitTest.java
new file mode 100644
index 0000000..77e8785
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshHistoryJUnitTest.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.cli.shell;
+
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.File;
+import java.lang.reflect.Field;
+import java.nio.file.Files;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * @author Jens Deppe
+ */
+@Category(UnitTest.class)
+public class GfshHistoryJUnitTest {
+
+  private File gfshHistoryFile;
+
+  private GfshConfig gfshConfig;
+
+  @Rule
+  public TemporaryFolder tempDirectory = new TemporaryFolder();
+
+  @Before
+  public void setUp() throws Exception {
+    gfshHistoryFile = tempDirectory.newFile("historyFile");
+    gfshConfig = new GfshConfig(gfshHistoryFile.getAbsolutePath(),
+        "",                                         // defaultPrompt
+        0,                                          // historySize
+        tempDirectory.getRoot().getAbsolutePath(),  // logDir
+        null,                                       // logLevel
+        null,                                       // logLimit
+        null,                                       // logCount
+        null                                        // initFileName
+    );
+  }
+
+  @After
+  public void teardown() throws Exception {
+    // Null out static instance so Gfsh can be reinitialised
+    Field gfshInstance = Gfsh.class.getDeclaredField("instance");
+    gfshInstance.setAccessible(true);
+    gfshInstance.set(null, null);
+  }
+
+  @Test
+  public void testHistoryFileIsCreated() throws Exception {
+    Gfsh gfsh = Gfsh.getInstance(false, new String[] {}, gfshConfig);
+    gfsh.executeScriptLine("connect --fake-param=foo");
+
+    List<String> lines = Files.readAllLines(gfshHistoryFile.toPath());
+    assertEquals(2, lines.size());
+    assertEquals(lines.get(1), "// [failed] connect --fake-param=foo");
+  }
+
+  @Test
+  public void testHistoryFileDoesNotContainPasswords() throws Exception {
+    Gfsh gfsh = Gfsh.getInstance(false, new String[] {}, gfshConfig);
+    gfsh.executeScriptLine("connect --password=foo --password = foo --password= goo --password
=goo --password-param=blah --other-password-param=    gah");
+
+    List<String> lines = Files.readAllLines(gfshHistoryFile.toPath());
+    assertEquals("// [failed] connect --password=***** --password = ***** --password= *****
--password =***** --password-param=***** --other-password-param= *****",
+        lines.get(1));
+  }
+}
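Review bot: `testHistoryFileDoesNotContainPasswords` exercises only unquoted, lower-case options, so it does not pin the inputs where masking is most likely to leave part of a secret behind. Add a case with a quoted value containing a space and one with a mixed-case option name, and assert that no fragment of the value appears in `lines.get(1)`. In `testHistoryFileIsCreated` the `assertEquals` arguments are reversed; it should read `assertEquals("// [failed] connect --fake-param=foo", lines.get(1));` so a failure reports expected and actual the right way round.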

