fix(smtp_server): attempt to redact plain-text passwords from log output
adamcooke committed Jul 27, 2021
1 parent 1976649 commit fcb6361
Showing 1 changed file with 26 additions and 11 deletions.
37 changes: 26 additions & 11 deletions lib/postal/smtp_server/client.rb
Expand Up @@ -6,6 +6,7 @@ module SMTPServer
class Client

CRAM_MD5_DIGEST = OpenSSL::Digest.new('md5')
LOG_REDACTION_STRING = "[redacted]".freeze

attr_reader :logging_enabled

Expand Down Expand Up @@ -40,16 +41,29 @@ def id

def handle(data)
if @state == :preauth
proxy(data)
return proxy(data)
end

log "\e[32m<= #{sanitize_input_for_log(data.strip)}\e[0m"
if @proc
@proc.call(data)

else
if @proc
log "\e[32m<= #{data.strip}\e[0m"
@proc.call(data)
else
log "\e[32m<= #{data.strip}\e[0m"
handle_command(data)
handle_command(data)
end
end

def sanitize_input_for_log(data)
if @password_expected_next
@password_expected_next = false
if data =~ /\A[a-z0-9]{3,}\=*\z/i
return LOG_REDACTION_STRING
end
end

data = data.dup
data.gsub!(/(.*AUTH \w+) (.*)\z/i) { "#{$1} #{LOG_REDACTION_STRING}" }
data
end

def finished?
Expand Down Expand Up @@ -163,6 +177,7 @@ def auth_plain(data)
data = data.gsub(/AUTH PLAIN ?/i, '')
if data.strip == ''
@proc = handler
@password_expected_next = true
'334'
else
handler.call(data)
Expand All @@ -178,16 +193,16 @@ def auth_login(data)

username_handler = Proc.new do |data|
@proc = password_handler
'334 UGFzc3dvcmQ6'
@password_expected_next = true
'334 UGFzc3dvcmQ6' # "Password:"
end

data = data.gsub!(/AUTH LOGIN ?/i, '')
if data.strip == ''
@proc = username_handler
'334 VXNlcm5hbWU6'
'334 VXNlcm5hbWU6' # "Username:"
else
@proc = password_handler
'334 UGFzc3dvcmQ6'
username_handler.call(nil)
end
end

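Review bot: In `sanitize_input_for_log`, the line received while `@password_expected_next` is set is redacted only if it matches `/\A[a-z0-9]{3,}\=*\z/i`, and that pattern omits `+` and `/` from the base64 alphabet and requires three alphanumerics before any padding. A credential whose encoding contains either character, or a very short one such as `YQ==` (constructed sample), therefore still reaches the log in decodable form. Because the flag already marks the next line as a secret, the shape test gives no protection; drop the inner `if` and `return LOG_REDACTION_STRING` unconditionally after clearing the flag, or at minimum widen the class to `[a-z0-9+\/]`. The flag is also reset inside a logging helper, so correct redaction depends on `handle` calling it exactly once per input line; a comment such as `# set by the AUTH handlers, consumed by sanitize_input_for_log on the next line received` would make that coupling visible.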
