From 819537541225e80dafed7041a173ae0645c7bc4f Mon Sep 17 00:00:00 2001 From: Stephen Fromm Date: Fri, 20 Jul 2012 11:57:36 -0700 Subject: [PATCH] Sanitize possible password argument when logging invocation; taken from user module --- lib/ansible/module_common.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/ansible/module_common.py b/lib/ansible/module_common.py index 4c8c519ae2..270d5bc1e9 100644 --- a/lib/ansible/module_common.py +++ b/lib/ansible/module_common.py @@ -33,6 +33,7 @@ try: except ImportError: import simplejson as json import os +import re import shlex import subprocess import sys @@ -118,7 +119,9 @@ class AnsibleModule(object): def _log_invocation(self): ''' log that ansible ran the module ''' syslog.openlog('ansible-%s' % os.path.basename(__file__)) - syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % self.args) + # Sanitize possible password argument when logging + log_args = re.sub(r'password=.+ (.*)', r"password=NOT_LOGGING_PASSWORD \1", self.args) + syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % log_args) def exit_json(self, **kwargs): ''' return from the module, without error '''