From 9d3097518240d52a5e735d6c85b1abd2259cfbfa Mon Sep 17 00:00:00 2001 From: AdmiringWorm Date: Mon, 24 Jan 2022 10:16:07 +0100 Subject: [PATCH] (#770) Disable showing of sensitive arguments This commit replaces the values in sensitive arguments to instead show the translatable string `[REDACTED ARGUMENT]` to ensure that sensitive arguments are not displayed to the user. This relies on the ArgumentUtility helper to detect whether the sensitive argument should be shown or not. --- .../Services/PackageArgumentsService.cs | 11 ++++++++++- .../Properties/Resources.Designer.cs | 11 ++++++++++- Source/ChocolateyGui.Common/Properties/Resources.resx | 3 +++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/Source/ChocolateyGui.Common.Windows/Services/PackageArgumentsService.cs b/Source/ChocolateyGui.Common.Windows/Services/PackageArgumentsService.cs index b016276b9..b73cb59d9 100644 --- a/Source/ChocolateyGui.Common.Windows/Services/PackageArgumentsService.cs +++ b/Source/ChocolateyGui.Common.Windows/Services/PackageArgumentsService.cs @@ -73,6 +73,8 @@ public IEnumerable DecryptPackageArgumentsFile(string id, string version ? arguments : _encryptionUtility.decrypt_string(arguments); + // Lets do a global check first to see if there are any sensitive arguments + // before we filter out the values used later. var sensitiveArgs = ArgumentsUtility.arguments_contain_sensitive_information(packageArgumentsUnencrypted); var packageArgumentsSplit = 
@@ -80,12 +82,19 @@ public IEnumerable DecryptPackageArgumentsFile(string id, string version foreach (var packageArgument in packageArgumentsSplit.or_empty_list_if_null()) { + var isSensitiveArgument = sensitiveArgs && ArgumentsUtility.arguments_contain_sensitive_information(packageArgument); + var packageArgumentSplit = packageArgument.Split(new[] { '=' }, 2, StringSplitOptions.RemoveEmptyEntries); + var optionName = packageArgumentSplit[0].to_string(); var optionValue = string.Empty; - if (packageArgumentSplit.Length == 2) + if (packageArgumentSplit.Length == 2 && isSensitiveArgument) + { + optionValue = L(nameof(Resources.PackageArgumentService_RedactedArgument)); + } + else if (packageArgumentSplit.Length == 2) { optionValue = packageArgumentSplit[1].to_string().remove_surrounding_quotes(); if (optionValue.StartsWith("'")) diff --git a/Source/ChocolateyGui.Common/Properties/Resources.Designer.cs b/Source/ChocolateyGui.Common/Properties/Resources.Designer.cs index 6070afbac..f73e77694 100644 --- a/Source/ChocolateyGui.Common/Properties/Resources.Designer.cs +++ b/Source/ChocolateyGui.Common/Properties/Resources.Designer.cs @@ -1928,6 +1928,15 @@ public static string LocalSourceViewModel_UpdateAvailableForChocolatey { } } + /// + /// Looks up a localized string similar to [REDACTED ARGUMENT]. + /// + public static string PackageArgumentService_RedactedArgument { + get { + return ResourceManager.GetString("PackageArgumentService_RedactedArgument", resourceCulture); + } + } + /// /// Looks up a localized string similar to Installed. /// @@ -2628,7 +2637,7 @@ public static string RemoteSourceView_SearchNoPackagesFoundHeading { } /// - /// Looks up a localized string similar to Got to the Previous Page. + /// Looks up a localized string similar to Go to the Previous Page. /// public static string RemoteSourceView_TooltipGoBackAPage { get { 
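Review bot: In the `foreach` loop of `DecryptPackageArgumentsFile` (PackageArgumentsService.cs, hunk at -80,12), redaction only happens when `packageArgumentSplit.Length == 2`, while `optionName` is always taken from `packageArgumentSplit[0]`, so an argument flagged by `isSensitiveArgument` that has no `=` separator is still displayed in full. Whether such tokens can reach this loop depends on how `packageArgumentsSplit` is built, which is outside the hunk, so it seems safer to fail closed with a further branch in this chain: `else if (isSensitiveArgument) { optionName = L(nameof(Resources.PackageArgumentService_RedactedArgument)); }`. A comment such as `// Redaction covers only what ArgumentsUtility.arguments_contain_sensitive_information recognises; anything else is shown as-is.` would record the limit of the check for later maintainers. The loop body and the existing `else if` block continue past the end of the hunk.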
diff --git a/Source/ChocolateyGui.Common/Properties/Resources.resx b/Source/ChocolateyGui.Common/Properties/Resources.resx index a5cc94e58..17fbdc290 100644 --- a/Source/ChocolateyGui.Common/Properties/Resources.resx +++ b/Source/ChocolateyGui.Common/Properties/Resources.resx @@ -1346,4 +1346,7 @@ Please contact your System Administrator to enable this operation. Arguments for the Package {0} {0} = The Title of the package + + [REDACTED ARGUMENT] + \ No newline at end of file