From 0d2a9b0a98da0a19a2e9db279efe0cb8ec053506 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 6 Jul 2019 19:33:57 +0200 Subject: [PATCH] Also redact vars ending with 'secret' or 'key' --- src/yunohost/log.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/log.py b/src/yunohost/log.py index 17a6ff87c..8f8c92010 100644 --- a/src/yunohost/log.py +++ b/src/yunohost/log.py @@ -310,7 +310,7 @@ class RedactingFormatter(Formatter): try: # This matches stuff like db_pwd=the_secret or admin_password=other_secret # (the secret part being at least 3 chars to avoid catching some lines like just "db_pwd=") - match = re.search(r'(pwd|pass|password)=(\S{3,})$', record.strip()) + match = re.search(r'(pwd|pass|password|secret|key)=(\S{3,})$', record.strip()) if match and match.group(2) not in self.data_to_redact: self.data_to_redact.append(match.group(2)) except Exception as e: