Filtering sensitive info when logging running config

This commit is contained in:
Shay Nehmad 2019-07-29 09:18:45 +03:00
parent 898b0f13a9
commit 8d5c90faa4
3 changed files with 9 additions and 2 deletions

View File

@ -53,6 +53,12 @@ class Configuration(object):
result = self.from_kv(formatted_data)
return result
@staticmethod
def filter_sensitive_info(config_dict):
config_dict["exploit_password_list"] = ["~REDACTED~"]
config_dict["exploit_user_list"] = ["~REDACTED~"]
return config_dict
def as_dict(self):
result = {}
for key in dir(Configuration):

View File

@ -168,7 +168,8 @@ class ControlClient(object):
try:
unknown_variables = WormConfiguration.from_kv(reply.json().get('config'))
LOG.info("New configuration was loaded from server: %r" % (WormConfiguration.as_dict(),))
LOG.info("New configuration was loaded from server: %r" %
(WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()),))
except Exception as exc:
# we don't continue with default conf here because it might be dangerous
LOG.error("Error parsing JSON reply from control server %s (%s): %s",

View File

@ -68,7 +68,7 @@ def main():
else:
print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,))
print("Loaded Configuration: %r" % WormConfiguration.as_dict())
print("Loaded Configuration: %r" % WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()))
# Make sure we're not in a machine that has the kill file
kill_path = os.path.expandvars(