Do not log user password in clear text

Instead the password should be masked and replaced with e.g. asterisks. Signed-off-by: Milan Lenco <[email protected]> (cherry picked from commit 0483f48)
milan-zededa · May 27, 2024 · 049c806 · 049c806
1 parent c2d6ae2
commit 049c806
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/pkg/wwan/mmagent/mmdbus/client.go b/pkg/wwan/mmagent/mmdbus/client.go
@@ -1357,9 +1357,12 @@ func (c *Client) reconfigureEpsBearerIfNotRegistered(modemObj dbus.BusObject,
 	}
 	var currentSettings map[string]dbus.Variant
 	_ = getDBusProperty(c, modemObj, Modem3GPPPropertyInitialEpsBearer, &currentSettings)
+	maskedPasswd := interface{}("***")
+	maskedVariantPasswd := dbus.MakeVariant(maskedPasswd)
 	c.log.Warnf("Modem %s is failing to register, "+
 		"trying to apply settings %+v for the initial EPS bearer (previously: %+v)",
-		modemObj.Path(), newSettings, currentSettings)
+		modemObj.Path(), maskPassword(newSettings, maskedPasswd),
+		maskPassword(currentSettings, maskedVariantPasswd))
 	err = c.callDBusMethod(modemObj, Modem3GPPMethodSetInitialEpsBearer, nil, newSettings)
 	if err != nil {
 		err = fmt.Errorf(
@@ -1372,6 +1375,19 @@ func (c *Client) reconfigureEpsBearerIfNotRegistered(modemObj dbus.BusObject,
 		modemObj, ModemStateRegistered, changeInitEPSBearerTimeout)
 }
 
+// maskPassword creates a copy of the original map with the "password" key's value masked
+func maskPassword[Type any](data map[string]Type, maskWith Type) map[string]Type {
+	maskedData := make(map[string]Type)
+	for key, value := range data {
+		if key == "password" {
+			maskedData[key] = maskWith
+		} else {
+			maskedData[key] = value
+		}
+	}
+	return maskedData
+}
+
 func (c *Client) setPreferredRATs(modemObj dbus.BusObject,
 	preferredRATs []types.WwanRAT) error {
 	var prefModes []uint32