Filtering sensitive info when logging running config

2019-07-29 09:18:45 +03:00 · 2019-07-29 09:18:45 +03:00 · 8d5c90faa4
parent 898b0f13a9
commit 8d5c90faa4
3 changed files with 9 additions and 2 deletions
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@ -53,6 +53,12 @@ class Configuration(object):
        result = self.from_kv(formatted_data)
        return result

+    @staticmethod
+    def filter_sensitive_info(config_dict):
+        config_dict["exploit_password_list"] = ["~REDACTED~"]
+        config_dict["exploit_user_list"] = ["~REDACTED~"]
+        return config_dict
+
    def as_dict(self):
        result = {}
        for key in dir(Configuration):
--- a/monkey/infection_monkey/control.py
+++ b/monkey/infection_monkey/control.py
@ -168,7 +168,8 @@ class ControlClient(object):

        try:
            unknown_variables = WormConfiguration.from_kv(reply.json().get('config'))
-            LOG.info("New configuration was loaded from server: %r" % (WormConfiguration.as_dict(),))
+            LOG.info("New configuration was loaded from server: %r" %
+                     (WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()),))
        except Exception as exc:
            # we don't continue with default conf here because it might be dangerous
            LOG.error("Error parsing JSON reply from control server %s (%s): %s",
--- a/monkey/infection_monkey/main.py
+++ b/monkey/infection_monkey/main.py
@ -68,7 +68,7 @@ def main():
    else:
        print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,))

-    print("Loaded Configuration: %r" % WormConfiguration.as_dict())
+    print("Loaded Configuration: %r" % WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()))

    # Make sure we're not in a machine that has the kill file
    kill_path = os.path.expandvars(