hcq/openGauss-OM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v6.0.0
openGauss-OM/script/base_utils/security/sensitive_mask.py
xue_meng_en e67b86c630 修复密码掩码问题
2023-12-21 15:59:30 +08:00

59 lines
2.3 KiB
Python
Raw Permalink Blame History

# -*- coding:utf-8 -*-
#############################################################################
# Copyright (c): 2012-2019, Huawei Tech. Co., Ltd.
# FileName : sensitive_mask.py
# Version : Gauss300
# Date : 2021-06-30
# Description : sensitive_mask.py is utility to mask sensitive message
#############################################################################
import re
class SensitiveMask(object):
""" Mask sensitive message
"""
@classmethod
def mask_sensitive_para(cls, msg):
""" mask gs tools Sensitive param """
mask_items = {
"gsql": ["--with-key", "-k"],
"gs_encrypt": ["--key-base64", "--key", "-B", "-k"],
"gs_guc encrypt": ["-K"],
"gs_guc generate": ["-S"],
"gs_dump": ["--rolepassword", "--with-key"],
"gs_dumpall": ["--rolepassword", "--with-key"],
"gs_restore": ["--with-key", "--rolepassword"],
"gs_ctl": ["-P"],
"gs_redis": ["-A"],
"gs_initdb": ["--pwprompt", "--pwpasswd"],
"gs_roach": ["--obs-sk"],
"InitInstance": ["--pwpasswd"]
}
for t_key, t_value in mask_items.items():
if t_key in msg or all(tk in msg for tk in t_key.split()):
pattern = re.compile("|".join([r"(?<=%s)[ =]+[^ ]*[ ]*" % i for i in t_value]))
msg = pattern.sub(lambda m: " *** ", msg)
return msg
@classmethod
def mask_pwd(cls, msg):
"""mask pwd in msg"""
replace_reg = re.compile(r' -W[ ]*[^ ]+[ ]*')
msg = replace_reg.sub(' -W *** ', str(msg))
replace_reg = re.compile(r' -w[ ]*[^ ]+[ ]*')
msg = replace_reg.sub(' -w *** ', str(msg))
replace_reg = re.compile(r' --password[ ]*[^ ]+[ ]*')
msg = replace_reg.sub(' --password *** ', str(msg))
replace_reg = re.compile(r' --pwd[ ]*[^ ]+[ ]*')
msg = replace_reg.sub(' --pwd *** ', str(msg))
replace_reg = re.compile(r' --root-passwd[ ]*[^ ]+[ ]*')
msg = replace_reg.sub(' --root-passwd *** ', str(msg))
replace_reg = re.compile(r' -P[ ]*[^ ]+[ ]*')
msg = replace_reg.sub(' -P *** ', str(msg))
msg = cls.mask_sensitive_para(msg)
replace_reg = re.compile(r'echo[ ]+[^ ]+[ ]*\|')
msg = replace_reg.sub('echo *** |', str(msg))
return msg
Reference in New Issue View Git Blame Copy Permalink