From 96cbd0ef7f6184dd9d434a4587bad56b84d13bb6 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Sun, 4 Aug 2024 17:07:34 -0700
Subject: [PATCH] actions: Add error when likely parameters are not marked as
 secret

This is to ensure that secret parameter which must likely be marked as secret
are not marked as secret. The partially mitigates the biggest disadvantage of
printing all the parameters by default and marking exception, that is,
forgetting to mark.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 plinth/actions.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/plinth/actions.py b/plinth/actions.py
index 8b3710183..01e296961 100644
--- a/plinth/actions.py
+++ b/plinth/actions.py
@@ -272,6 +272,13 @@ def _check_privileged_action_arguments(func):
         if arg not in argspec.annotations:
             raise SyntaxError('All arguments must be annotated')
 
+    for arg_name, arg_value in argspec.annotations.items():
+        for keyword in ('password', 'passphrase', 'secret'):
+            if keyword in arg_name:
+                if arg_value not in [secret_str, secret_str | None]:
+                    raise SyntaxError(
+                        f'Argument {arg_name} should likely be a "secret_str"')
+
 
 def _get_privileged_action_module_name(func):
     """Figure out the module name of a privileged action."""