Omit sensitive data from PUSH_REPLY log

Namely auth-token.
Davide De Rosa 2018-09-02 12:33:47 +02:00
parent 7df229c115
commit 3543f7aab3
2 changed files with 26 additions and 4 deletions


@ -161,7 +161,7 @@ extension SessionProxy {
// XXX: parsing is very optimistic // XXX: parsing is very optimistic
struct PushReply: SessionReply { struct PushReply: SessionReply, CustomStringConvertible {
private enum Topology: String { private enum Topology: String {
case net30 case net30
@ -170,6 +170,8 @@ extension SessionProxy {
case subnet case subnet
} }
private static let prefix = "PUSH_REPLY,"
private static let topologyRegexp = try! NSRegularExpression(pattern: "topology (net30|p2p|subnet)", options: []) private static let topologyRegexp = try! NSRegularExpression(pattern: "topology (net30|p2p|subnet)", options: [])
private static let ifconfigRegexp = try! NSRegularExpression(pattern: "ifconfig [\\d\\.]+ [\\d\\.]+", options: []) private static let ifconfigRegexp = try! NSRegularExpression(pattern: "ifconfig [\\d\\.]+ [\\d\\.]+", options: [])
@ -189,6 +191,8 @@ extension SessionProxy {
private static let peerIdRegexp = try! NSRegularExpression(pattern: "peer-id [0-9]+", options: []) private static let peerIdRegexp = try! NSRegularExpression(pattern: "peer-id [0-9]+", options: [])
private static let cipherRegexp = try! NSRegularExpression(pattern: "cipher [^\\s]+", options: []) private static let cipherRegexp = try! NSRegularExpression(pattern: "cipher [^\\s]+", options: [])
private let original: String
let ipv4: IPv4Settings? let ipv4: IPv4Settings?
@ -203,10 +207,12 @@ extension SessionProxy {
let cipher: SessionProxy.Cipher? let cipher: SessionProxy.Cipher?
init?(message: String) throws { init?(message: String) throws {
guard message.hasPrefix("PUSH_REPLY") else { guard message.hasPrefix(PushReply.prefix) else {
return nil return nil
} }
let prefixOffset = message.index(message.startIndex, offsetBy: PushReply.prefix.count)
original = String(message[prefixOffset..<message.endIndex])
var optTopologyArguments: [String]? var optTopologyArguments: [String]?
var optIfconfig4Arguments: [String]? var optIfconfig4Arguments: [String]?
var optGateway4Arguments: [String]? var optGateway4Arguments: [String]?
@ -380,6 +386,19 @@ extension SessionProxy {
self.peerId = peerId self.peerId = peerId
self.cipher = cipher self.cipher = cipher
} }
// MARK: CustomStringConvertible
var description: String {
let stripped = NSMutableString(string: original)
PushReply.authTokenRegexp.replaceMatches(
in: stripped,
options: [],
range: NSMakeRange(0, stripped.length),
withTemplate: "auth-token"
)
return stripped as String
}
} }
} }
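Review bot: `original` keeps the full PUSH_REPLY option string, auth-token included, as a stored property, and the token is only stripped each time `description` is evaluated. Anything that inspects the struct through reflection instead of `description` (for example `dump(reply)`) would still print the token, and the secret stays in memory for as long as the reply does. Redacting once in `init` and storing only the result avoids both: `original = PushReply.authTokenRegexp.stringByReplacingMatches(in: options, options: [], range: NSMakeRange(0, options.utf16.count), withTemplate: "auth-token")`, where `options` is the substring after the prefix, with `description` then returning `original` directly. The definition of `authTokenRegexp` is outside the visible hunks, so confirm that its pattern consumes the whole token value; the struct and its `init` also continue beyond these hunks.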


@ -875,7 +875,9 @@ public class SessionProxy {
return return
} }
log.debug("Received control message: \"\(message)\"") if CoreConfiguration.logsSensitiveData {
log.debug("Received control message: \"\(message)\"")
}
let reply: PushReply let reply: PushReply
do { do {
@ -883,6 +885,7 @@ public class SessionProxy {
return return
} }
reply = optionalReply reply = optionalReply
log.debug("Received PUSH_REPLY: \"\(reply)\"")
} catch let e { } catch let e {
deferStop(.shutdown, e) deferStop(.shutdown, e)
return return
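Review bot: Nothing at the gated `log.debug` call explains why the raw `message` is sensitive, and the default of `CoreConfiguration.logsSensitiveData` is not visible in this diff. A comment above the `if`, such as `// Raw control messages can carry auth-token; log them only when sensitive logging is explicitly enabled.`, would keep a later edit from un-gating it, and the flag should default to off. The redacted `Received PUSH_REPLY` line still prints everything else the server pushed, which looks intended given the commit message but is worth stating next to the call. The enclosing function starts and ends outside these hunks.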