summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Bailey <nbailey@shermanhoward.com>2018-07-06 09:59:12 -0600
committerytti <saku@ytti.fi>2018-07-07 12:09:03 +0300
commitedb784636de189707dedcd01857ecacf7b2a88fd (patch)
tree33f4c9739180dc1d3aa500885296600371a210a2
parentae2d1a202cdfa3c8dd488b8be045e025234913ae (diff)
Changes to secret filtering:
Fixed secret regex which would strip config after secret string (like "privilege 15") and which would not match on: "bsd-username test secret $1$FAKESTRINGblahblah" which is created whenever username secret is created. Added regex to filter password hashes for configs not using password 7 instead of secret such as: username test password 7 8888blahblah8888 privilege 4
-rw-r--r--lib/oxidized/model/ftos.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/oxidized/model/ftos.rb b/lib/oxidized/model/ftos.rb
index 3ef4de6..e5669a5 100644
--- a/lib/oxidized/model/ftos.rb
+++ b/lib/oxidized/model/ftos.rb
@@ -9,7 +9,8 @@ class FTOS < Oxidized::Model
cmd :secret do |cfg|
cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
- cfg.gsub! /secret (\d+) (\S+).*/, '<secret hidden>'
+ cfg.gsub! /(secret \d* {0,1})\S+(.*)/, '\\1<secret hidden>\\2'
+ cfg.gsub! /(password \d+) \S+(.*)/, '\\1 <hash hidden>\\2'
cfg
end