YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

[fix] Redact password in app install

Browse source
This commit is contained in:
ljf 2021-09-17 18:32:06 +02:00
parent 9eda00698c
commit aeed9f897b
1 changed files with 3 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/yunohost/app.py
View file

@ -895,6 +895,9 @@ def app_install(
else: else:
app_instance_name = app_id app_instance_name = app_id
# Neede to redact password question
Question.operation_logger = operation_logger
# Retrieve arguments list for install script # Retrieve arguments list for install script
args_dict = ( args_dict = (
{} if not args else dict(urllib.parse.parse_qsl(args, keep_blank_values=True)) {} if not args else dict(urllib.parse.parse_qsl(args, keep_blank_values=True))
@ -913,19 +916,6 @@ def app_install(
# We'll check that the app didn't brutally edit some system configuration # We'll check that the app didn't brutally edit some system configuration
manually_modified_files_before_install = manually_modified_files() manually_modified_files_before_install = manually_modified_files()
# Tell the operation_logger to redact all password-type args
# Also redact the % escaped version of the password that might appear in
# the 'args' section of metadata (relevant for password with non-alphanumeric char)
data_to_redact = [
value[0] for value in args_odict.values() if value[1] == "password"
]
data_to_redact += [
urllib.parse.quote(data)
for data in data_to_redact
if urllib.parse.quote(data) != data
]
operation_logger.data_to_redact.extend(data_to_redact)
operation_logger.related_to = [ operation_logger.related_to = [
s for s in operation_logger.related_to if s[0] != "app" s for s in operation_logger.related_to if s[0] != "app"
] ]