Filtering sensitive info when logging running config

monkey/infection_monkey/config.py

@@ -53,6 +53,12 @@ class Configuration(object):
         result = self.from_kv(formatted_data)
         return result
 
+    @staticmethod
+    def filter_sensitive_info(config_dict):
+        config_dict["exploit_password_list"] = ["~REDACTED~"]
+        config_dict["exploit_user_list"] = ["~REDACTED~"]
+        return config_dict
+
     def as_dict(self):
         result = {}
         for key in dir(Configuration):

monkey/infection_monkey/control.py

@@ -168,7 +168,8 @@ class ControlClient(object):
 
         try:
             unknown_variables = WormConfiguration.from_kv(reply.json().get('config'))
-            LOG.info("New configuration was loaded from server: %r" % (WormConfiguration.as_dict(),))
+            LOG.info("New configuration was loaded from server: %r" %
+                     (WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()),))
         except Exception as exc:
             # we don't continue with default conf here because it might be dangerous
             LOG.error("Error parsing JSON reply from control server %s (%s): %s",

monkey/infection_monkey/main.py

@@ -68,7 +68,7 @@ def main():
     else:
         print("Config file wasn't supplied and default path: %s wasn't found, using internal default" % (config_file,))
 
-    print("Loaded Configuration: %r" % WormConfiguration.as_dict())
+    print("Loaded Configuration: %r" % WormConfiguration.filter_sensitive_info(WormConfiguration.as_dict()))
 
     # Make sure we're not in a machine that has the kill file
     kill_path = os.path.expandvars(