From ef3a9aa55f70d6c56a6e94be5e15b54decae1a74 Mon Sep 17 00:00:00 2001
From: Sam Thursfield <sam@afuera.me.uk>
Date: Fri, 19 Sep 2014 15:26:36 +0000
Subject: Prevent cliapp from logging env. variables with 'PASSWORD' in their
 name

The upstream cliapp project is not interested in this functionality
right now.
---
 morphlib/app.py       |  4 ++++
 morphlib/util.py      | 11 +++++++++++
 morphlib/writeexts.py |  4 ++++
 3 files changed, 19 insertions(+)

(limited to 'morphlib')

diff --git a/morphlib/app.py b/morphlib/app.py
index 25f705f7..48de6aba 100644
--- a/morphlib/app.py
+++ b/morphlib/app.py
@@ -203,6 +203,10 @@ class Morph(cliapp.Application):
 
         self.add_subcommand('help-extensions', self.help_extensions)
 
+    def log_config(self):
+        with morphlib.util.hide_password_environment_variables(os.environ):
+            cliapp.Application.log_config(self)
+
     def process_args(self, args):
         self.check_time()
 
diff --git a/morphlib/util.py b/morphlib/util.py
index 0d4e25dc..ae1df56a 100644
--- a/morphlib/util.py
+++ b/morphlib/util.py
@@ -13,6 +13,7 @@
 # with this program; if not, write to the Free Software Foundation, Inc.,
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
+import contextlib
 import itertools
 import os
 import re
@@ -210,6 +211,16 @@ def new_repo_caches(app):  # pragma: no cover
 def env_variable_is_password(key):  # pragma: no cover
     return 'PASSWORD' in key
 
+@contextlib.contextmanager
+def hide_password_environment_variables(env):  # pragma: no cover
+    is_password = env_variable_is_password
+    password_env = { k:v for k,v in env.iteritems() if is_password(k) }
+    for k in password_env:
+        env[k] = '(value hidden)'
+    yield
+    for k, v in password_env.iteritems():
+        env[k] = v
+
 def log_environment_changes(app, current_env, previous_env): # pragma: no cover
     '''Log the differences between two environments to debug log.'''
     def log_event(key, value, event):
diff --git a/morphlib/writeexts.py b/morphlib/writeexts.py
index 5102bfdc..0fd0ad7b 100644
--- a/morphlib/writeexts.py
+++ b/morphlib/writeexts.py
@@ -113,6 +113,10 @@ class WriteExtension(cliapp.Application):
         logger.addHandler(handler)
         logger.setLevel(logging.DEBUG)
 
+    def log_config(self):
+        with morphlib.util.hide_password_environment_variables(os.environ):
+            cliapp.Application.log_config(self)
+
     def process_args(self, args):
         raise NotImplementedError()
 
-- 
cgit v1.2.1