From 3e48e0cb95650b5fbd94e39fa78b002ebe468be3 Mon Sep 17 00:00:00 2001
From: RageLtMan
Date: Sat, 4 Nov 2023 09:45:15 -0400
Subject: T5713: Strip string after "secret" in IPSEC config Make "strip-private" strip the string after "secret" (cherry picked from commit 30eb308149f24b7f15aa3e40ced6918a8a3a04b8)
---
 src/helpers/strip-private.py | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/helpers/strip-private.py')
diff --git a/src/helpers/strip-private.py b/src/helpers/strip-private.py
index eb584edaf..9b2019817 100755
--- a/src/helpers/strip-private.py
+++ b/src/helpers/strip-private.py
@@ -119,6 +119,7 @@ if __name__ == "__main__":
 (True, re.compile(r'(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)'), r'\1 xxxxxx'),
 # Strip IPSEC secrets
 (True, re.compile(r'pre-shared-secret \S+'), 'pre-shared-secret xxxxxx'),
+ (True, re.compile(r'\ssecret \S+'), ' secret xxxxxx'),
 # Strip OSPF md5-key
 (True, re.compile(r'md5-key \S+'), 'md5-key xxxxxx'),
 # Strip WireGuard private-key
-- cgit v1.2.3
From a8645039c4f1a6a5455e4d91c95cde06b8a1b9b1 Mon Sep 17 00:00:00 2001
From: Christian Breunig
Date: Mon, 6 Nov 2023 20:25:24 +0100
Subject: T5713: only strip "secret" CLI node and nothing else Commit 30eb308149 ("T5713: Strip string after "secret" in IPSEC config") had good intention but this will happen: use-secret foo CLI node will become " secret xxxxxx" so the output of strip-private invalidates the configuration. This has been changed to an exact match of "secret" only (cherry picked from commit 863af115df853987dd8ad25ecef3f0ea58485e83)
---
 src/helpers/strip-private.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'src/helpers/strip-private.py')
diff --git a/src/helpers/strip-private.py b/src/helpers/strip-private.py
index 9b2019817..cb29069cf 100755
--- a/src/helpers/strip-private.py
+++ b/src/helpers/strip-private.py
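Review bot: In the first commit's hunk at `@@ -119,6 +119,7 @@`, the added rule redacts only the first whitespace-delimited token after `secret`, so a quoted value that contains a space would leave the rest of the secret in the stripped output. The same `\S+` tail is kept by the reworked rule in the follow-up commit's `@@ -119,7 +118,7 @@` hunk and by the neighbouring `pre-shared-secret` rule. Whether the CLI accepts such values is not visible here; if it does, match a quoted value first, e.g. `(True, re.compile(r'(\ssecret) ("[^"]*"|\S+)'), r'\1 xxxxxx'),`. The `if __name__ == "__main__":` block starts and ends outside the hunk.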
@@ -1,6 +1,6 @@ #!/usr/bin/python3 -# Copyright 2021-2022 VyOS maintainers and contributors +# Copyright 2021-2023 VyOS maintainers and contributors # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -21,7 +21,6 @@ import sys from netaddr import IPNetwork, AddrFormatError - parser = argparse.ArgumentParser(description='strip off private information from VyOS config') strictness = parser.add_mutually_exclusive_group() @@ -119,7 +118,7 @@ if __name__ == "__main__": (True, re.compile(r'(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)'), r'\1 xxxxxx'), # Strip IPSEC secrets (True, re.compile(r'pre-shared-secret \S+'), 'pre-shared-secret xxxxxx'), - (True, re.compile(r'\ssecret \S+'), ' secret xxxxxx'), + (True, re.compile(r'secret \S+'), 'secret xxxxxx'), # Strip OSPF md5-key (True, re.compile(r'md5-key \S+'), 'md5-key xxxxxx'), # Strip WireGuard private-key -- cgit v1.2.3
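Review bot: The reworked pattern `secret \S+` in the `@@ -119,7 +118,7 @@` hunk is an unanchored substring match rather than an exact match of the `secret` node, so it also fires inside any node name that ends in `secret`; `use-secret foo` is rewritten to `use-secret xxxxxx`. Over-redaction leaks nothing, but it alters the values of unrelated nodes and makes the sanitised config less useful for debugging. A lookbehind limits the rule to the standalone word without consuming the preceding whitespace: `(True, re.compile(r'(?<![\w-])secret \S+'), 'secret xxxxxx'),`. A short comment such as `# "secret" must be a whole CLI node, not the tail of e.g. use-secret` would record the intent. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.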