
Revision 366761ab

Added by Jim Pingle almost 7 years ago

Change the method used by status.php to mask sensitive info.

Also add a few new tags to be masked. See Factory #1170

(cherry picked from commit 9858a361b81daa9465e61a93c205bfd9811e9f3a)


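--- a/src/usr/local/www/status.php
+++ b/src/usr/local/www/status.php
@@ -42,6 +42,19 @@
 $output_path = "/tmp/status_output/";
 $output_file = "/tmp/status_output.tgz";
 
+$filtered_tags = array(
+	'accountkey', 'authorizedkeys', 'auth_pass', 'auth_user', 'bcrypt-hash',
+	'crypto_password', 'crypto_password2', 'dns_nsupdatensupdate_key',
+	'gold_encryption_password', 'gold_password', 'ipsecpsk', 'ldap_bindpw',
+	'lighttpd_ls_password', 'lighttpd_ls_password', 'md5-hash',
+	'md5password', 'md5sigkey', 'md5sigpass', 'nt-hash', 'passphrase',
+	'password', 'passwordagain', 'pre-shared-key', 'proxypass',
+	'proxy_passwd', 'proxyuser', 'proxy_user', 'prv', 'radius_secret',
+	'redis_password', 'redis_passwordagain', 'rocommunity', 'secret',
+	'shared_key', 'tls', 'varclientpasswordinput', 'varclientsharedsecret',
+	'varsyncpassword', 'varusersmotpinitsecret', 'varusersmotppin'
+);
+
 if ($_POST['submit'] == "DOWNLOAD" && file_exists($output_file)) {
 	session_cache_limiter('public');
 	$fd = fopen($output_file, "rb");
@@ -69,7 +82,7 @@
 mkdir($output_path);
 
 function doCmdT($title, $command, $method) {
-	global $output_path, $output_file;
+	global $output_path, $output_file, $filtered_tags;
 	/* Fixup output directory */
 
 	$rubbish = array('|', '-', '/', '.', ' ');  /* fixes the <a> tag to be W3C compliant */
@@ -87,39 +100,9 @@
 			while (!feof($fd)) {
 				$line = fgets($fd);
 				/* remove sensitive contents */
-				$line = preg_replace("/<authorizedkeys>.*?<\\/authorizedkeys>/", "<authorizedkeys>xxxxx</authorizedkeys>", $line);
-				$line = preg_replace("/<secret>.*?<\\/secret>/", "<secret>xxxxx</secret>", $line);
-				$line = preg_replace("/<bcrypt-hash>.*?<\\/bcrypt-hash>/", "<bcrypt-hash>xxxxx</bcrypt-hash>", $line);
-				$line = preg_replace("/<password>.*?<\\/password>/", "<password>xxxxx</password>", $line);
-				$line = preg_replace("/<auth_user>.*?<\\/auth_user>/", "<auth_user>xxxxx</auth_user>", $line);
-				$line = preg_replace("/<auth_pass>.*?<\\/auth_pass>/", "<auth_pass>xxxxx</auth_pass>", $line);
-				$line = preg_replace("/<proxy_user>.*?<\\/proxy_user>/", "<proxy_user>xxxxx</proxy_user>", $line);
-				$line = preg_replace("/<proxy_passwd>.*?<\\/proxy_passwd>/", "<proxy_passwd>xxxxx</proxy_passwd>", $line);
-				$line = preg_replace("/<proxyuser>.*?<\\/proxyuser>/", "<proxyuser>xxxxx</proxyuser>", $line);
-				$line = preg_replace("/<proxypass>.*?<\\/proxypass>/", "<proxypass>xxxxx</proxypass>", $line);
-				$line = preg_replace("/<pre-shared-key>.*?<\\/pre-shared-key>/", "<pre-shared-key>xxxxx</pre-shared-key>", $line);
-				$line = preg_replace("/<rocommunity>.*?<\\/rocommunity>/", "<rocommunity>xxxxx</rocommunity>", $line);
-				$line = preg_replace("/<prv>.*?<\\/prv>/", "<prv>xxxxx</prv>", $line);
-				$line = preg_replace("/<shared_key>.*?<\\/shared_key>/", "<shared_key>xxxxx</shared_key>", $line);
-				$line = preg_replace("/<tls>.*?<\\/tls>/", "<tls>xxxxx</tls>", $line);
-				$line = preg_replace("/<ipsecpsk>.*?<\\/ipsecpsk>/", "<ipsecpsk>xxxxx</ipsecpsk>", $line);
-				$line = preg_replace("/<md5-hash>.*?<\\/md5-hash>/", "<md5-hash>xxxxx</md5-hash>", $line);
-				$line = preg_replace("/<md5password>.*?<\\/md5password>/", "<md5password>xxxxx</md5password>", $line);
-				$line = preg_replace("/<nt-hash>.*?<\\/nt-hash>/", "<nt-hash>xxxxx</nt-hash>", $line);
-				$line = preg_replace("/<radius_secret>.*?<\\/radius_secret>/", "<radius_secret>xxxxx</radius_secret>", $line);
-				$line = preg_replace("/<ldap_bindpw>.*?<\\/ldap_bindpw>/", "<ldap_bindpw>xxxxx</ldap_bindpw>", $line);
-				$line = preg_replace("/<passwordagain>.*?<\\/passwordagain>/", "<passwordagain>xxxxx</passwordagain>", $line);
-				$line = preg_replace("/<crypto_password>.*?<\\/crypto_password>/", "<crypto_password>xxxxx</crypto_password>", $line);
-				$line = preg_replace("/<crypto_password2>.*?<\\/crypto_password2>/", "<crypto_password2>xxxxx</crypto_password2>", $line);
-				$line = preg_replace("/<md5sigpass>.*?<\\/md5sigpass>/", "<md5sigpass>xxxxx</md5sigpass>", $line);
-				$line = preg_replace("/<md5sigkey>.*?<\\/md5sigkey>/", "<md5sigkey>xxxxx</md5sigkey>", $line);
-				$line = preg_replace("/<lighttpd_ls_password>.*?<\\/lighttpd_ls_password>/", "<lighttpd_ls_password>xxxxx</lighttpd_ls_password>", $line);
-				$line = preg_replace("/<redis_password>.*?<\\/redis_password>/", "<redis_password>xxxxx</redis_password>", $line);
-				$line = preg_replace("/<redis_passwordagain>.*?<\\/redis_passwordagain>/", "<redis_passwordagain>xxxxx</redis_passwordagain>", $line);
-				$line = preg_replace("/<varclientsharedsecret>.*?<\\/varclientsharedsecret>/", "<varclientsharedsecret>xxxxx</varclientsharedsecret>", $line);
-				$line = preg_replace("/<varclientpasswordinput>.*?<\\/varclientpasswordinput>/", "<varclientpasswordinput>xxxxx</varclientpasswordinput>", $line);
-				$line = preg_replace("/<varusersmotpinitsecret>.*?<\\/varusersmotpinitsecret>/", "<varusersmotpinitsecret>xxxxx</varusersmotpinitsecret>", $line);
-				$line = preg_replace("/<varusersmotppin>.*?<\\/varusersmotppin>/", "<varusersmotppin>xxxxx</varusersmotppin>", $line);
+				foreach ($filtered_tags as $tag) {
+					$line = preg_replace("/<{$tag}>.*?<\\/{$tag}>/", "<{$tag}>xxxxx</{$tag}>", $line);
+				}
 				$line = str_replace("\t", "    ", $line);
 				echo htmlspecialchars($line, ENT_NOQUOTES);
 				fwrite($ofd, $line);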
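Review bot: The new `foreach` in doCmdT still masks a value only when `<tag>` and `</tag>` both land on the same `fgets()` line, because `.*?` does not cross a newline and each line is filtered on its own; a secret that spans several lines (a multi-line key, for example) would reach both the `echo` and the `fwrite($ofd, $line)` unmasked. If the dumped files can contain such values, the filter needs to work on the whole element rather than per line, and until then a comment such as `/* masks single-line elements only */` above the loop should state the limit. `$tag` is interpolated into the pattern unescaped, which is fine for the current list but fragile as tags are added; wrapping it in `preg_quote($tag, '/')` would keep the pattern safe. `'lighttpd_ls_password'` is listed twice in `$filtered_tags`, so a different tag may have been intended for the second entry. doCmdT starts and ends outside the visible hunks.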
