Blob Blame History Raw
From b34edec39189d5501b9943f73ec2afa7c7b98d58 Mon Sep 17 00:00:00 2001
From: Reid wahl <nrwahl@protonmail.com>
Date: Mon, 8 Jun 2020 22:50:00 -0700
Subject: [PATCH] [pacemaker] Fix scrubbing when password contains an equal
 sign

If the password contains one or more equal signs ('='), only the substring
after the final equal sign is scrubbed. The rest of the password appears in
plain text.

This patch modifies the scrub regex to scrub all characters after the first
equal sign.

Related to RHBZ#1845386.
Resolves: #2109

Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
---
 sos/plugins/pacemaker.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sos/plugins/pacemaker.py b/sos/plugins/pacemaker.py
index 7294c35a..8beec811 100644
--- a/sos/plugins/pacemaker.py
+++ b/sos/plugins/pacemaker.py
@@ -55,14 +55,14 @@ class Pacemaker(Plugin):
     def postproc_crm_shell(self):
         self.do_cmd_output_sub(
             "crm configure show",
-            r"passw(\S*)=\S+",
+            r"passw([^\s=]*)=\S+",
             r"passw\1=********"
         )
 
     def postproc_pcs(self):
         self.do_cmd_output_sub(
             "pcs config",
-            r"passw(\S*)=\S+",
+            r"passw([^\s=]*)=\S+",
             r"passw\1=********"
         )
 
-- 
2.26.2