From a8645039c4f1a6a5455e4d91c95cde06b8a1b9b1 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Mon, 6 Nov 2023 20:25:24 +0100
Subject: T5713: only strip "secret" CLI node and nothing else

Commit 30eb308149 ("T5713: Strip string after "secret" in IPSEC config") had
good intention but this will happen:

use-secret foo CLI node will become " secret xxxxxx" so the output of
strip-private invalidates the configuration.

This has been changed to an exact match of "secret" only

(cherry picked from commit 863af115df853987dd8ad25ecef3f0ea58485e83)
---
 src/helpers/strip-private.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)


diff --git a/src/helpers/strip-private.py b/src/helpers/strip-private.py
index 9b2019817..cb29069cf 100755
--- a/src/helpers/strip-private.py
+++ b/src/helpers/strip-private.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python3
 
-# Copyright 2021-2022 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2021-2023 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -21,7 +21,6 @@ import sys
 
 from netaddr import IPNetwork, AddrFormatError
 
-
 parser = argparse.ArgumentParser(description='strip off private information from VyOS config')
 
 strictness = parser.add_mutually_exclusive_group()
@@ -119,7 +118,7 @@ if __name__ == "__main__":
         (True, re.compile(r'(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)'), r'\1 xxxxxx'),
         # Strip IPSEC secrets
         (True, re.compile(r'pre-shared-secret \S+'), 'pre-shared-secret xxxxxx'),
-        (True, re.compile(r'\ssecret \S+'), ' secret xxxxxx'),
+        (True, re.compile(r'secret \S+'), 'secret xxxxxx'),
         # Strip OSPF md5-key
         (True, re.compile(r'md5-key \S+'), 'md5-key xxxxxx'),
         # Strip WireGuard private-key
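Review bot: The new pattern `secret \S+` is unanchored, so it is not the exact match of the `secret` node that the commit message describes; it also fires on any longer node name that ends in `secret`, so `use-secret foo` would come out as `use-secret xxxxxx`. If only the bare node is meant to be masked, a lookbehind excludes those names without consuming the preceding whitespace: `(True, re.compile(r'(?<![\w-])secret \S+'), 'secret xxxxxx'),`. Separately, `\S+` stops at the first space, so a quoted secret containing whitespace would presumably be masked only up to that space, leaving the rest in the stripped output; it is worth confirming whether such values can occur for this node. The pattern list starts and ends outside this hunk, so how the substitutions are applied is not visible here.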