From b77d2178be56354b76a91c14b0dbe6bbccb1cec7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= Date: Wed, 16 Dec 2015 22:25:29 +0100 Subject: Bug 1232578: Don't save hashed passwords in audit_log r/a=dkl --- Bugzilla/Install/DB.pm | 27 +++++++++++++++++++++++++++ Bugzilla/Object.pm | 20 +++++++++++++++++++- 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm index 96f14ec0f..ed2539251 100644 --- a/Bugzilla/Install/DB.pm +++ b/Bugzilla/Install/DB.pm @@ -729,6 +729,9 @@ sub update_table_definitions { # 2014-11-10 dkl@mozilla.com - Bug 1093928 $dbh->bz_drop_column('longdescs', 'is_markdown'); + # 2015-12-16 LpSolit@gmail.com - Bug 1232578 + _sanitize_audit_log_table(); + ################################################################ # New --TABLE-- changes should go *** A B O V E *** this point # ################################################################ @@ -3914,6 +3917,30 @@ sub _update_alias { $dbh->bz_drop_column('bugs', 'alias'); } +sub _sanitize_audit_log_table { + my $dbh = Bugzilla->dbh; + + # Replace hashed passwords by a generic comment. + my $class = 'Bugzilla::User'; + my $field = 'cryptpassword'; + + my $hashed_passwd = + $dbh->selectcol_arrayref('SELECT added FROM audit_log WHERE class = ? AND field = ? + AND ' . $dbh->sql_not_ilike('hashed_with_', 'added'), + undef, ($class, $field)); + if (@$hashed_passwd) { + say "Sanitizing hashed passwords stored in the 'audit_log' table..."; + my $sth = $dbh->prepare('UPDATE audit_log SET added = ? + WHERE class = ? AND field = ? AND added = ?'); + + foreach my $passwd (@$hashed_passwd) { + my (undef, $sanitized_passwd) = + Bugzilla::Object::_sanitize_audit_log($class, $field, [undef, $passwd]); + $sth->execute($sanitized_passwd, $class, $field, $passwd); + } + } +} + 1; __END__ diff --git a/Bugzilla/Object.pm b/Bugzilla/Object.pm index 8f25e2b20..d43c8ca34 100644 --- a/Bugzilla/Object.pm +++ b/Bugzilla/Object.pm @@ -599,11 +599,29 @@ sub audit_log { foreach my $field (keys %$changes) { # Skip private changes. next if $field =~ /^_/; - my ($from, $to) = @{ $changes->{$field} }; + my ($from, $to) = $self->_sanitize_audit_log($field, $changes->{$field}); $sth->execute($user_id, $class, $self->id, $field, $from, $to); } } +sub _sanitize_audit_log { + my ($self, $field, $changes) = @_; + my $class = ref($self) || $self; + + # Do not store hashed passwords. Only record the algorithm used to encode them. + if ($class eq 'Bugzilla::User' && $field eq 'cryptpassword') { + foreach my $passwd (@$changes) { + next unless $passwd; + my $algorithm = 'unknown_algorithm'; + if ($passwd =~ /{([^}]+)}$/) { + $algorithm = $1; + } + $passwd = "hashed_with_$algorithm"; + } + } + return @$changes; +} + sub flatten_to_hash { my $self = shift; my $class = blessed($self); -- cgit v1.2.1