From d9990cd818ad0c8056ecb1c0f966f2a180be683c Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Wed, 16 Oct 2019 18:59:23 +0200
Subject: [PATCH] Smarter regex to avoid redacting all --key=stuff when using
 setting helpers for example

---
 src/yunohost/log.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/yunohost/log.py b/src/yunohost/log.py
index 0f5ff784c..72e497b5d 100644
--- a/src/yunohost/log.py
+++ b/src/yunohost/log.py
@@ -315,7 +315,8 @@ class RedactingFormatter(Formatter):
         try:
             # This matches stuff like db_pwd=the_secret or admin_password=other_secret
             # (the secret part being at least 3 chars to avoid catching some lines like just "db_pwd=")
-            match = re.search(r'(pwd|pass|password|secret|key|token)=(\S{3,})$', record.strip())
+            # For 'key', we require to at least have one word char [a-zA-Z0-9_] before it to avoid catching "--key" used in many helpers
+            match = re.search(r'(pwd|pass|password|secret|\wkey|token)=(\S{3,})$', record.strip())
             if match and match.group(2) not in self.data_to_redact:
                 self.data_to_redact.append(match.group(2))
         except Exception as e: