aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2015-12-16 22:25:29 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2015-12-16 22:25:29 +0100
commitb77d2178be56354b76a91c14b0dbe6bbccb1cec7 (patch)
tree23752ab32ad5c9de2db2f380c4dc0cfca44b9817
parent8a4cfa905ed78bb1f46865c5d660337e8982e385 (diff)
downloadbugs-b77d2178be56354b76a91c14b0dbe6bbccb1cec7.tar
bugs-b77d2178be56354b76a91c14b0dbe6bbccb1cec7.tar.gz
bugs-b77d2178be56354b76a91c14b0dbe6bbccb1cec7.tar.bz2
bugs-b77d2178be56354b76a91c14b0dbe6bbccb1cec7.tar.xz
bugs-b77d2178be56354b76a91c14b0dbe6bbccb1cec7.zip
Bug 1232578: Don't save hashed passwords in audit_log
r/a=dkl
-rw-r--r--Bugzilla/Install/DB.pm27
-rw-r--r--Bugzilla/Object.pm20
2 files changed, 46 insertions, 1 deletions
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index 96f14ec0f..ed2539251 100644
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
@@ -729,6 +729,9 @@ sub update_table_definitions {
# 2014-11-10 dkl@mozilla.com - Bug 1093928
$dbh->bz_drop_column('longdescs', 'is_markdown');
+ # 2015-12-16 LpSolit@gmail.com - Bug 1232578
+ _sanitize_audit_log_table();
+
################################################################
# New --TABLE-- changes should go *** A B O V E *** this point #
################################################################
@@ -3914,6 +3917,30 @@ sub _update_alias {
$dbh->bz_drop_column('bugs', 'alias');
}
+sub _sanitize_audit_log_table {
+ my $dbh = Bugzilla->dbh;
+
+ # Replace hashed passwords by a generic comment.
+ my $class = 'Bugzilla::User';
+ my $field = 'cryptpassword';
+
+ my $hashed_passwd =
+ $dbh->selectcol_arrayref('SELECT added FROM audit_log WHERE class = ? AND field = ?
+ AND ' . $dbh->sql_not_ilike('hashed_with_', 'added'),
+ undef, ($class, $field));
+ if (@$hashed_passwd) {
+ say "Sanitizing hashed passwords stored in the 'audit_log' table...";
+ my $sth = $dbh->prepare('UPDATE audit_log SET added = ?
+ WHERE class = ? AND field = ? AND added = ?');
+
+ foreach my $passwd (@$hashed_passwd) {
+ my (undef, $sanitized_passwd) =
+ Bugzilla::Object::_sanitize_audit_log($class, $field, [undef, $passwd]);
+ $sth->execute($sanitized_passwd, $class, $field, $passwd);
+ }
+ }
+}
+
1;
__END__
diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm
index 8f25e2b20..d43c8ca34 100644
--- a/Bugzilla/Object.pm
+++ b/Bugzilla/Object.pm
@@ -599,11 +599,29 @@ sub audit_log {
foreach my $field (keys %$changes) {
# Skip private changes.
next if $field =~ /^_/;
- my ($from, $to) = @{ $changes->{$field} };
+ my ($from, $to) = $self->_sanitize_audit_log($field, $changes->{$field});
$sth->execute($user_id, $class, $self->id, $field, $from, $to);
}
}
+sub _sanitize_audit_log {
+ my ($self, $field, $changes) = @_;
+ my $class = ref($self) || $self;
+
+ # Do not store hashed passwords. Only record the algorithm used to encode them.
+ if ($class eq 'Bugzilla::User' && $field eq 'cryptpassword') {
+ foreach my $passwd (@$changes) {
+ next unless $passwd;
+ my $algorithm = 'unknown_algorithm';
+ if ($passwd =~ /{([^}]+)}$/) {
+ $algorithm = $1;
+ }
+ $passwd = "hashed_with_$algorithm";
+ }
+ }
+ return @$changes;
+}
+
sub flatten_to_hash {
my $self = shift;
my $class = blessed($self);