Fixed IOS model to redact only secrets

The secrets configuration for IOS would the full contents of any line
containing a secret. Instead, just redact the secret, keeping the rest
of line instact for

"enable secret 5 SeCre7" was replaced by "<secret hidden>". Now it is
now replaced by "enable secret 5 <secret hidden>".

1 files changed, 7 insertions, 7 deletions

diff --git a/lib/oxidized/model/ios.rb b/lib/oxidized/model/ios.rb
index 0596f90..9fda128 100644
--- a/lib/oxidized/model/ios.rb
+++ b/lib/oxidized/model/ios.rb
@@ -26,14 +26,14 @@ class IOS < Oxidized::Model
 
   cmd :secret do |cfg|
     cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
-    cfg.gsub! /username (\S+) privilege (\d+) (\S+).*/, '<secret hidden>'
-    cfg.gsub! /^username \S+ password \d \S+/, '<secret hidden>'
-    cfg.gsub! /^username \S+ secret \d \S+/, '<secret hidden>'
-    cfg.gsub! /^enable (password|secret) \d \S+/, '<secret hidden>'
+    cfg.gsub! /^(username \S+ privilege \d+) (\S+).*/, '\\1 <secret hidden>'
+    cfg.gsub! /^(username \S+ password \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(username \S+ secret \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(enable (password|secret) \d) (\S+)/, '\\1 <secret hidden>'
     cfg.gsub! /^(\s+(?:password|secret)) (?:\d )?\S+/, '\\1 <secret hidden>'
-    cfg.gsub! /wpa-psk ascii \d \S+/, '<secret hidden>'
-    cfg.gsub! /key 7 \d.+/, '<secret hidden>'
-    cfg.gsub! /^tacacs-server key \d \S+/, '<secret hidden>'
+    cfg.gsub! /^(.*wpa-psk ascii \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(.*key 7) (\d.+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(tacacs-server key \d) (\S+)/, '\\1 <secret hidden>'
     cfg
   end