From d34d6b1949a0e3633d3b6e109207d31cd6ef1cbc Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 4 Nov 2020 17:22:37 +0100 Subject: [PATCH] App installs logs were still disclosing secrets when shared sometimes... --- locales/en.json | 1 - src/yunohost/app.py | 8 +++++++- src/yunohost/hook.py | 7 +------ src/yunohost/log.py | 1 + 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/locales/en.json b/locales/en.json index 9e54e4c44..e3b0c12a2 100644 --- a/locales/en.json +++ b/locales/en.json @@ -294,7 +294,6 @@ "dyndns_registration_failed": "Could not register DynDNS domain: {error:s}", "dyndns_domain_not_provided": "DynDNS provider {provider:s} cannot provide domain {domain:s}.", "dyndns_unavailable": "The domain '{domain:s}' is unavailable.", - "executing_command": "Executing command '{command:s}'...", "executing_script": "Executing script '{script:s}'...", "extracting": "Extracting...", "experimental_feature": "Warning: This feature is experimental and not considered stable, you should not use it unless you know what you are doing.", diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 00472744f..aca4a9354 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -743,7 +743,13 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu env_dict["YNH_APP_ID"] = app_id env_dict["YNH_APP_INSTANCE_NAME"] = app_instance_name env_dict["YNH_APP_INSTANCE_NUMBER"] = str(instance_number) - operation_logger.extra.update({'env': env_dict}) + + env_dict_for_logging = env_dict.copy() + for arg_name, arg_value_and_type in args_odict.items(): + if arg_value_and_type[1] == "password": + del env_dict_for_logging["YNH_APP_ARG_%s" % arg_name.upper()] + + operation_logger.extra.update({'env': env_dict_for_logging}) # We'll check that the app didn't brutally edit some system configuration manually_modified_files_before_install = manually_modified_files() diff --git a/src/yunohost/hook.py b/src/yunohost/hook.py index b57300f54..9ffe6e01c 100644 --- a/src/yunohost/hook.py +++ b/src/yunohost/hook.py @@ -398,12 +398,7 @@ def _hook_exec_bash(path, args, no_trace, chdir, env, user, return_format, logge for k, v in env.items()]), cmd) command.append(cmd.format(script=cmd_script, args=cmd_args)) - if logger.isEnabledFor(log.DEBUG): - logger.debug(m18n.n('executing_command', command=' '.join(command))) - else: - logger.debug(m18n.n('executing_script', script=path)) - - logger.debug("About to run the command '%s'" % command) + logger.debug("Executing command '%s'" % ' '.join(command)) returncode = call_async_output( command, loggers, shell=False, cwd=chdir, diff --git a/src/yunohost/log.py b/src/yunohost/log.py index c71de2ab3..615970b26 100644 --- a/src/yunohost/log.py +++ b/src/yunohost/log.py @@ -467,6 +467,7 @@ class OperationLogger(object): 'started_at': self.started_at, 'operation': self.operation, 'yunohost_version': get_ynh_package_version("yunohost")["version"], + 'interface': msettings.get('interface') == 'api', } if self.related_to is not None: data['related_to'] = self.related_to