
shogi_server/command.rb: Prevent a possible password from be logged in a log file...
authordaigo <beatles@users.sourceforge.jp>
Thu, 5 Aug 2010 14:06:22 +0000 (23:06 +0900)
committerDaigo Moriwaki <daigo@debian.org>
Thu, 5 Aug 2010 14:06:22 +0000 (23:06 +0900)
Thanks to Tomoyuki Kaneko for this idea.

changelog
shogi_server/command.rb
test/TC_command.rb

index ca8194b..71c5d92 100644 (file)
--- a/changelog
+++ b/changelog
@@ -1,3 +1,10 @@
+2010-08-05  Daigo Moriwaki <daigo at debian dot org>
+
+       * [shogi-server]
+         - shogi_server/command.rb: Prevent a possible password from be
+           logged in a log file when players send invalid LOGIN-like commands.
+           Thanks to Tomoyuki Kaneko for this idea.
+
 2010-08-03  Daigo Moriwaki <daigo at debian dot org>
 
        * [shogi-server]
index f604ea9..4ecb676 100644 (file)
@@ -706,12 +706,17 @@ module ShogiServer
   class ErrorCommand < Command
     def initialize(str, player)
       super
+      @msg = nil
     end
+    attr_reader :msg
 
     def call
-      msg = "##[ERROR] unknown command %s\n" % [@str.chomp]
-      @player.write_safe(msg)
-      log_error(msg)
+      cmd = @str.chomp
+      # Aim to hide a possible password
+      cmd.gsub!(/LOGIN\s*(\w+)\s+.*/i, 'LOGIN \1...')
+      @msg = "##[ERROR] unknown command %s\n" % [cmd]
+      @player.write_safe(@msg)
+      log_error(@msg)
       return :continue
     end
   end
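Review bot: The redaction in `call` only matches when the token after LOGIN consists of `\w` characters and is followed by whitespace, so an invalid login line whose name contains `-`, `.` or `@` falls through unchanged. In that case the full line, including whatever was sent as the password, still reaches `write_safe` and `log_error`. Accepting any non-space name closes the gap: `cmd.gsub!(/LOGIN\s*(\S+)\s+.*/i, 'LOGIN \1...')`. The comment could also state the intent more precisely, e.g. `# Keep the user name, drop the rest of the line (it may be a password)`.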
index 455fdd8..fb2e134 100644 (file)
@@ -210,6 +210,30 @@ class TestFactoryMethod < Test::Unit::TestCase
   def test_error
     cmd = ShogiServer::Command.factory("should_be_error", @p)
     assert_instance_of(ShogiServer::ErrorCommand, cmd)
+    cmd.call
+    assert_match /unknown command should_be_error/, cmd.msg
+  end
+
+  def test_error_login
+    cmd = ShogiServer::Command.factory("LOGIN hoge foo", @p)
+    assert_instance_of(ShogiServer::ErrorCommand, cmd)
+    cmd.call
+    assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
+
+    cmd = ShogiServer::Command.factory("LOGin hoge foo", @p)
+    assert_instance_of(ShogiServer::ErrorCommand, cmd)
+    cmd.call
+    assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
+
+    cmd = ShogiServer::Command.factory("LOGIN  hoge foo", @p)
+    assert_instance_of(ShogiServer::ErrorCommand, cmd)
+    cmd.call
+    assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
+
+    cmd = ShogiServer::Command.factory("LOGINhoge foo", @p)
+    assert_instance_of(ShogiServer::ErrorCommand, cmd)
+    cmd.call
+    assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
   end
 end
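Review bot: Three of the four `assert_no_match` checks in `test_error_login` cannot fail. For the inputs `LOGin hoge foo`, `LOGIN  hoge foo` and `LOGINhoge foo`, the pattern `/unknown command LOGIN hoge foo/` would not match the unredacted message either, so these assertions pass with or without the change in command.rb. Assert on the secret and on the redacted form instead, e.g. `assert_no_match(/foo/, cmd.msg)` and `assert_match(/unknown command LOGIN hoge\.\.\./, cmd.msg)`. A case with a name outside `\w`, such as `LOGIN ho-ge foo`, would also show whether the password survives there.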