From 39d0c03700b4decf2e44b947d11b0943c18e3047 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Sun, 4 Aug 2024 11:02:26 -0700 Subject: [PATCH] shadowsocksserver: Mark secret strings in privileged actions Tests: - Run affected privileged actions through UI and notice that secret strings are not logged. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- plinth/modules/shadowsocksserver/privileged.py | 5 +++-- plinth/modules/shadowsocksserver/views.py | 8 ++------ 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/plinth/modules/shadowsocksserver/privileged.py b/plinth/modules/shadowsocksserver/privileged.py index 1ea5f16d2..45406a8fc 100644 --- a/plinth/modules/shadowsocksserver/privileged.py +++ b/plinth/modules/shadowsocksserver/privileged.py @@ -8,7 +8,7 @@ import random import string from plinth import action_utils -from plinth.actions import privileged +from plinth.actions import privileged, secret_str SHADOWSOCKS_CONFIG_SYMLINK = '/etc/shadowsocks-libev/fbxserver.json' SHADOWSOCKS_CONFIG_ACTUAL = \ @@ -68,8 +68,9 @@ def _merge_config(config): @privileged -def merge_config(config: dict[str, str]): +def merge_config(password: secret_str, method: str): """Configure Shadowsocks Server.""" + config = {'password': password, 'method': method} _merge_config(config) # Don't try_restart because initial configuration may not be valid so diff --git a/plinth/modules/shadowsocksserver/views.py b/plinth/modules/shadowsocksserver/views.py index 7265eaa8b..2166c9825 100644 --- a/plinth/modules/shadowsocksserver/views.py +++ b/plinth/modules/shadowsocksserver/views.py @@ -43,12 +43,8 @@ class ShadowsocksServerAppView(views.AppView): if old_status['password'] != new_status['password'] or \ old_status['method'] != new_status['method']: - new_config = { - 'password': new_status['password'], - 'method': new_status['method'], - } - - privileged.merge_config(new_config) + privileged.merge_config(new_status['password'], + new_status['method']) messages.success(self.request, _('Configuration updated')) return super().form_valid(form)