hash env urls with passwords

wanderingstan · wanderingstan · commit 2ba2cb76fee5 · 2019-08-16T08:58:01.000+02:00
diffenv-version: 0.2.0

directory:

  listing:
    tests: 160, 1565678433.2291105, DIR
    setup.py: 733, 1565686663.53653, 7c1c3a03e40fe2a8d3d35cd9b8e396c4
    facets: 96, 1565678335.6676767, DIR
    examples: 160, 1565526937.9334917, DIR
    example_config.yaml: 45, 1564670036.66021, 759eab2b0f2d79bd2c0991820fa76787
    env.yaml: 9557, 1565529046.05771, 10189a68cae562b4b15176c628584ea1
    dist: 128, 1565525687.4886672, DIR
    diffenv.egg-info: 256, 1565525994.236996, DIR
    diffenv: 288, 1565687026.3474302, DIR
    build: 160, 1565525325.6887057, DIR
    bin: 96, 1565800452.866075, DIR
    __pycache__: 96, 1564129273.2804494, DIR
    README.md: 2588, 1565678335.68020, f3438f14dc6bdadfddc7d24668bc2302
    MANIFEST.in: 68, 1565686663.53471, edff356a00ba1b5f0660d5514ebb5fb5
    LICENSE: 1070, 1563971721.10152, bbd2cb1a41f404058e170e74a725bb18
    .vscode: 128, 1565036334.5557442, DIR
    .travis.yml: 814, 1565623659.24969, d7278269a9794d1260164b15942c0c60
    .gitignore: 1221, 1565035870.68035, 3b1c12c1ca4e89f3c929c73c4427f846
    .github: 96, 1565526937.9326942, DIR
    .git: 544, 1565938682.6729553, DIR
    .diffenv: 192, 1565528757.891121, DIR
    .DS_Store: 6148, 1564760143.68363, df20c99511081bcbf44de38d832fbe70

  path: /Users/stan/code/diffenv

git:

  git-remote: |-
    origin	git@github.com:error-central/diffenv.git (fetch)
    origin	git@github.com:error-central/diffenv.git (push)

  git-status: |-
    On branch master
    Your branch is behind 'origin/master' by 20 commits, and can be fast-forwarded.
      (use "git pull" to update your local branch)

    Changes to be committed:
      (use "git reset HEAD &lt;file&gt;..." to unstage)

    	modified:   diffenv/facets/shell/envvars

    Changes not staged for commit:
      (use "git add &lt;file&gt;..." to update what will be committed)
      (use "git checkout -- &lt;file&gt;..." to discard changes in working directory)

    	modified:   bin/diffenv
    	modified:   examples/config-small.yaml

    Untracked files:
      (use "git add &lt;file&gt;..." to include in what will be committed)

    	env.yaml

  git-user-email: stan@wanderingstan.com

  git-user-name: Stan James

  version: git version 2.22.0

os:

  timezone: 0200

  version: Darwin 18.7.0 x86_64

python:

  pip-packages:
    astroid: 2.2.5
    autopep8: 1.4.4
    bleach: 3.1.0
    certifi: 2019.6.16
    chardet: 3.0.4
    colorama: 0.4.1
    diffenv: 0.2.0
    docutils: 0.15.2
    gitdb2: 2.0.5
    GitPython: 2.1.13
    idna: 2.8
    importlib-metadata: 0.19
    isort: 4.3.21
    lazy-object-proxy: 1.4.1
    mccabe: 0.6.1
    pip: 19.0.3
    pkginfo: 1.5.0.1
    psutil: 5.6.3
    pycodestyle: 2.5.0
    Pygments: 2.4.2
    pylint: 2.3.1
    readme-renderer: 24.0
    requests: 2.22.0
    requests-toolbelt: 0.9.1
    ruamel.yaml: 0.16.0
    ruamel.yaml.clib: 0.1.0
    setuptools: 41.0.1
    six: 1.12.0
    smmap2: 2.0.5
    tqdm: 4.33.0
    twine: 1.13.0
    typed-ast: 1.4.0
    urllib3: 1.25.3
    webencodings: 0.5.1
    wheel: 0.33.4
    wrapt: 1.11.2
    zipp: 0.5.2

  pip3-packages:
    astroid: 2.2.5
    autopep8: 1.4.4
    bleach: 3.1.0
    certifi: 2019.6.16
    chardet: 3.0.4
    colorama: 0.4.1
    diffenv: 0.2.0
    docutils: 0.15.2
    gitdb2: 2.0.5
    GitPython: 2.1.13
    idna: 2.8
    importlib-metadata: 0.19
    isort: 4.3.21
    lazy-object-proxy: 1.4.1
    mccabe: 0.6.1
    pip: 19.0.3
    pkginfo: 1.5.0.1
    psutil: 5.6.3
    pycodestyle: 2.5.0
    Pygments: 2.4.2
    pylint: 2.3.1
    readme-renderer: 24.0
    requests: 2.22.0
    requests-toolbelt: 0.9.1
    ruamel.yaml: 0.16.0
    ruamel.yaml.clib: 0.1.0
    setuptools: 41.0.1
    six: 1.12.0
    smmap2: 2.0.5
    tqdm: 4.33.0
    twine: 1.13.0
    typed-ast: 1.4.0
    urllib3: 1.25.3
    webencodings: 0.5.1
    wheel: 0.33.4
    wrapt: 1.11.2
    zipp: 0.5.2

  python-version: Python 3.7.3

  python3-version: Python 3.7.3

  virtualenv: |

  which-python: /usr/local/opt/python/libexec/bin/python

  which-python3: /usr/local/bin/python3

shell:

  envvars:
    AMD_ENTRYPOINT: vs/workbench/services/extensions/node/extensionHostProcess
    APPLICATION_INSIGHTS_NO_DIAGNOSTIC_CHANNEL: 'true'
    Apple_PubSub_Socket_Render: /private/tmp/com.apple.launchd.obyCxwiqZk/Render
    CLICOLOR: '1'
    DISPLAY: /private/tmp/com.apple.launchd.iqAX0LXCVg/org.macosforge.xquartz:0
    EDITOR: sublw
    ELECTRON_RUN_AS_NODE: '1'
    GIT_ASKPASS(HASHED): f7f6c93b472769a7f435573524ec859c(HASH)
    GIT_AUTHOR_DATE: '@1565938681 +0200'
    GIT_AUTHOR_EMAIL: stan@wanderingstan.com
    GIT_AUTHOR_NAME: Stan James
    GIT_EDITOR: ':'
    GIT_EXEC_PATH: /usr/local/Cellar/git/2.22.0/libexec/git-core
    GIT_INDEX_FILE: .git/index
    GIT_PREFIX: ''
    HISTTIMEFORMAT: '%Y-%m-%d_%H-%M-%S; '
    HOME: /Users/stan
    ISODATETIME: '2019-08-15 15:41:37'
    LANG: en_US.UTF-8
    LC_ALL: en_US.UTF-8
    LOGNAME: stan
    LSCOLORS: GxFxCxDxBxegedabagaced
    NVM_BIN: /Users/stan/.nvm/versions/node/v10.16.0/bin
    NVM_CD_FLAGS: ''
    NVM_DIR: /Users/stan/.nvm
    PATH: /usr/local/Cellar/git/2.22.0/libexec/git-core:/Users/stan/Library/Python/3.7/bin:/usr/local/opt/python/libexec/bin:/usr/local/opt/sqlite/bin:/Users/stan/.nvm/versions/node/v10.16.0/bin:/usr/local/cuda/bin:/usr/local/sbin:/usr/local/bin:/usr/local/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/MacGPG2/bin:/opt/X11/bin:/Users/stan/bin
    PIPE_LOGGING: 'true'
    PWD: /Users/stan/code/diffenv
    SHELL: /bin/bash
    SHLVL: '2'
    SSH_AUTH_SOCK: /private/tmp/com.apple.launchd.E89PogHTQB/Listeners
    TERM: xterm-color
    TMPDIR: /var/folders/9n/2vf6_x0s79bdzphhpyk83fnr0000gn/T/
    USER: stan
    VERBOSE_LOGGING: 'true'
    VSCODE_GIT_ASKPASS_HANDLE(HASHED): b3fdd4e40648b4fec81bff0e7e3a04b7(HASH)
    VSCODE_GIT_ASKPASS_MAIN(HASHED): 6af3c36a10ecc53c09c312b7cfdf594b(HASH)
    VSCODE_GIT_ASKPASS_NODE(HASHED): 806450b4398ff983c7937491b19c4ece(HASH)
    VSCODE_GIT_COMMAND: commit
    VSCODE_HANDLES_UNCAUGHT_ERRORS: 'true'
    VSCODE_IPC_HOOK: /Users/stan/Library/Application Support/Code/1.37.0-main.sock
    VSCODE_IPC_HOOK_EXTHOST: /var/folders/9n/2vf6_x0s79bdzphhpyk83fnr0000gn/T/vscode-ipc-faf6c560-d34c-461d-8e70-b22a90eb007b.sock
    VSCODE_LOGS: /Users/stan/Library/Application Support/Code/logs/20190815T154136
    VSCODE_LOG_STACK: 'false'
    VSCODE_NLS_CONFIG: '{"locale":"en-us","availableLanguages":{},"_languagePackSupport":true}'
    VSCODE_NODE_CACHED_DATA_DIR: /Users/stan/Library/Application Support/Code/CachedData/036a6b1d3ac84e5ca96a17a44e63a87971f8fcc8
    VSCODE_PID: '6372'
    VSCODE_PREVENT_FOREIGN_INSPECT: 'true'
    XPC_FLAGS: '0x0'
    XPC_SERVICE_NAME: '0'
    _: /usr/local/bin/diffenv
    __CF_USER_TEXT_ENCODING: 0x1F5:0x0:0x0
    __PYVENV_LAUNCHER__: /usr/local/bin/python3

  shell-version: GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin18) Copyright
    (C) 2007 Free Software Foundation, Inc.
diff --git a/diffenv/facets/shell/envvars b/diffenv/facets/shell/envvars
@@ -6,6 +6,7 @@ import os
 import sys
 from typing import Tuple
 import hashlib
+from urllib.parse import urlparse
 
 # Return a YAML list of all environment variables, with sensitive ones hashed.
 
@@ -18,8 +19,13 @@ def filter_sensitive_vars(env_var: Tuple[str, str]):
     then just return the hash of the value.
     Input is a env var tuple, e.g. ('SHELL','/bin/bash')
     """
-    sensitive_pattern_list = ['KEY', 'SECRET']
     (key, value) = env_var
+    # URLs with passwords
+    parts = urlparse(value)
+    if parts.password:
+        return (key + '(HASHED)', hashlib.md5(str(value).encode("utf-8")).hexdigest() + '(HASH)')
+    # var names
+    sensitive_pattern_list = ['KEY', 'SECRET', 'PASSWORD', 'PASS']
     if any(pattern.upper() in key.upper() for pattern in sensitive_pattern_list):
         return (key + '(HASHED)', hashlib.md5(str(value).encode("utf-8")).hexdigest() + '(HASH)')
     else:
