From 9dfbfca17220f85bbbad768ae564bc0ca6c9b3d3 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Tue, 13 Aug 2013 17:31:22 +0200 Subject: avoid logging dummy password --- changes/bug_3416-do-not-log-pass | 1 + src/leap/mail/imap/service/imap.py | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 changes/bug_3416-do-not-log-pass diff --git a/changes/bug_3416-do-not-log-pass b/changes/bug_3416-do-not-log-pass new file mode 100644 index 0000000..137b7a3 --- /dev/null +++ b/changes/bug_3416-do-not-log-pass @@ -0,0 +1 @@ + o Avoid logging dummy password on imap server. Closes: #3416 diff --git a/src/leap/mail/imap/service/imap.py b/src/leap/mail/imap/service/imap.py index a4ffed6..1a8c15c 100644 --- a/src/leap/mail/imap/service/imap.py +++ b/src/leap/mail/imap/service/imap.py @@ -17,6 +17,8 @@ """ Imap service initialization """ +from copy import copy + import logging logger = logging.getLogger(__name__) @@ -71,7 +73,13 @@ class LeapIMAPServer(imap4.IMAP4Server): #self.theAccount = theAccount def lineReceived(self, line): - log.msg('rcv: %s' % line) + if "login" in line: + # avoid to log the pass, even though we are using a dummy auth + # by now. + msg = line[:7] + " [...]" + else: + msg = copy(line) + log.msg('rcv: %s' % msg) imap4.IMAP4Server.lineReceived(self, line) def authenticateLogin(self, username, password): -- cgit v1.2.3