From 6a00aac13acff6faebe60f55a4c59fcb554093ef Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Thu, 27 Jun 2019 03:16:46 +0200
Subject: [PATCH] Catch pwd, pass and password as patterns for password

---
 src/yunohost/log.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/yunohost/log.py b/src/yunohost/log.py
index 6bb1a4445..32b62cb98 100644
--- a/src/yunohost/log.py
+++ b/src/yunohost/log.py
@@ -308,7 +308,9 @@ class RedactingFormatter(Formatter):
         # Wrapping this in a try/except because we don't want this to
         # break everything in case it fails miserably for some reason :s
         try:
-            match = re.search(r'(db_pwd|password)=(\S{3,})$', record.strip())
+            # This matches stuff like db_pwd=the_secret or admin_password=other_secret
+            # (the secret part being at least 3 chars to avoid catching some lines like just "db_pwd=")
+            match = re.search(r'(pwd|pass|password)=(\S{3,})$', record.strip())
             if match and match.group(2) not in self.data_to_redact:
                 self.data_to_redact.append(match.group(2))
         except Exception as e: