From ef3a9aa55f70d6c56a6e94be5e15b54decae1a74 Mon Sep 17 00:00:00 2001
From: Sam Thursfield <sam@afuera.me.uk>
Date: Fri, 19 Sep 2014 15:26:36 +0000
Subject: Prevent cliapp from logging env. variables with 'PASSWORD' in their
 name

The upstream cliapp project is not interested in this functionality
right now.
---
 morphlib/util.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'morphlib/util.py')

diff --git a/morphlib/util.py b/morphlib/util.py
index 0d4e25dc..ae1df56a 100644
--- a/morphlib/util.py
+++ b/morphlib/util.py
@@ -13,6 +13,7 @@
 # with this program; if not, write to the Free Software Foundation, Inc.,
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
+import contextlib
 import itertools
 import os
 import re
@@ -210,6 +211,16 @@ def new_repo_caches(app):  # pragma: no cover
 def env_variable_is_password(key):  # pragma: no cover
     return 'PASSWORD' in key
 
+@contextlib.contextmanager
+def hide_password_environment_variables(env):  # pragma: no cover
+    is_password = env_variable_is_password
+    password_env = { k:v for k,v in env.iteritems() if is_password(k) }
+    for k in password_env:
+        env[k] = '(value hidden)'
+    yield
+    for k, v in password_env.iteritems():
+        env[k] = v
+
 def log_environment_changes(app, current_env, previous_env): # pragma: no cover
     '''Log the differences between two environments to debug log.'''
     def log_event(key, value, event):
-- 
cgit v1.2.1