We have some news to share for the request index beta feature. We’ve added more options to sort your requests, counters to the individual filters and documentation for the search functionality. Checkout the blog post for more details.

Overview

File remove-password-from-shell-after-functional-text-mat.patch of Package venv-salt-minion

From 8d32b4ecea655e419c75b9f6dfe14c9fd7038522 Mon Sep 17 00:00:00 2001
From: Marek Czernek <marek.czernek@suse.com>
Date: Mon, 3 Mar 2025 09:36:46 +0100
Subject: [PATCH] Remove password from shell after functional text
 matching (#705)

---
 salt/client/ssh/shell.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/salt/client/ssh/shell.py b/salt/client/ssh/shell.py
index 182e2c19e30..fcacfa6f737 100644
--- a/salt/client/ssh/shell.py
+++ b/salt/client/ssh/shell.py
@@ -386,6 +386,13 @@ class Shell:
             cmd_lst.append("/bin/sh {}".format(cmd_part))
         return cmd_lst
 
+    def _sanitize_str(self, text, sanitize_text):
+        """Remove all occurrences of sanitize_text from text"""
+        if not sanitize_text:
+            return text
+        replace_str = "*" * 6
+        return re.sub(r"\b" + re.escape(sanitize_text) + r"\b", replace_str, text)
+
     def _run_cmd(self, cmd, key_accept=False, passwd_retries=3):
         """
         Execute a shell command via VT. This is blocking and assumes that ssh
@@ -417,15 +424,11 @@ class Shell:
             while term.has_unread_data:
                 stdout, stderr = term.recv()
                 if stdout:
-                    if self.passwd:
-                        stdout = stdout.replace(self.passwd, ("*" * 6))
                     ret_stdout += stdout
                     buff = old_stdout + stdout
                 else:
                     buff = stdout
                 if stderr:
-                    if self.passwd:
-                        stderr = stderr.replace(self.passwd, ("*" * 6))
                     ret_stderr += stderr
                 if buff and RSTR_RE.search(buff):
                     # We're getting results back, don't try to send passwords
@@ -458,7 +461,7 @@ class Shell:
                         ret_stdout = (
                             "The host key needs to be accepted, to "
                             "auto accept run salt-ssh with the -i "
-                            "flag:\n{}".format(stdout)
+                            f"flag:\n{self._sanitize_str(stdout, self.passwd)}"
                         )
                         return ret_stdout, "", 254
                 elif buff and SUDO_PROMPT_RE.search(buff):
@@ -484,6 +487,8 @@ class Shell:
                     # as we just need to ensure the child process in term finished
                     # to get proper term.exitstatus instead of None
                     pass
+            ret_stdout = self._sanitize_str(ret_stdout, self.passwd)
+            ret_stderr = self._sanitize_str(ret_stderr, self.passwd)
             return ret_stdout, ret_stderr, term.exitstatus
         finally:
             term.close(terminate=True, kill=True)
-- 
2.48.1
openSUSE Build Service is sponsored by
Places