From: daigo
Date: Thu, 5 Aug 2010 14:06:22 +0000 (+0900)
Subject: shogi_server/command.rb: Prevent a possible password from be logged in a log file...
X-Git-Tag: 20170902~96
X-Git-Url: http://git.sourceforge.jp/view?p=shogi-server%2Fshogi-server.git;a=commitdiff_plain;h=335c9f947ec1752b706e416fbd1aab93abd138b6;hp=17a9b68e40eb545b4238150acd8f6f789b42cbcd
shogi_server/command.rb: Prevent a possible password from be logged in a log file when players send invalid LOGIN-like commands. Thanks to Tomoyuki Kaneko for this idea.
---
diff --git a/changelog b/changelog
index ca8194b..71c5d92 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,10 @@
+2010-08-05 Daigo Moriwaki
+
+ * [shogi-server]
+ - shogi_server/command.rb: Prevent a possible password from be
+ logged in a log file when players send invalid LOGIN-like commands.
+ Thanks to Tomoyuki Kaneko for this idea.
+
 2010-08-03 Daigo Moriwaki
 * [shogi-server]
diff --git a/shogi_server/command.rb b/shogi_server/command.rb
index f604ea9..4ecb676 100644
--- a/shogi_server/command.rb
+++ b/shogi_server/command.rb
@@ -706,12 +706,17 @@ module ShogiServer
 class ErrorCommand < Command
 def initialize(str, player)
 super
+ @msg = nil
 end
+ attr_reader :msg
 def call
- msg = "##[ERROR] unknown command %s\n" % [@str.chomp]
- @player.write_safe(msg)
- log_error(msg)
+ cmd = @str.chomp
+ # Aim to hide a possible password
+ cmd.gsub!(/LOGIN\s*(\w+)\s+.*/i, 'LOGIN \1...')
+ @msg = "##[ERROR] unknown command %s\n" % [cmd]
+ @player.write_safe(@msg)
+ log_error(@msg)
 return :continue
 end
 end
diff --git a/test/TC_command.rb b/test/TC_command.rb
index 455fdd8..fb2e134 100644
--- a/test/TC_command.rb
+++ b/test/TC_command.rb
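Review bot: In `ErrorCommand#call` (shogi_server/command.rb) the redaction pattern captures the name with `(\w+)`, so it only matches when the token after LOGIN consists entirely of word characters. A line whose first argument contains, for example, `-` or `.` does not match, and reaches `log_error` with the second argument intact. Matching on non-whitespace closes that gap: `cmd.gsub!(/LOGIN\s*(\S+)\s+.*/i, 'LOGIN \1...')`. Which characters a login name may contain is not visible in this hunk, so confirm this against the login parser. The existing comment could also state that everything after the first argument is dropped before the message is echoed and logged.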
@@ -210,6 +210,30 @@ class TestFactoryMethod < Test::Unit::TestCase
 def test_error
 cmd = ShogiServer::Command.factory("should_be_error", @p)
 assert_instance_of(ShogiServer::ErrorCommand, cmd)
+ cmd.call
+ assert_match /unknown command should_be_error/, cmd.msg
+ end
+
+ def test_error_login
+ cmd = ShogiServer::Command.factory("LOGIN hoge foo", @p)
+ assert_instance_of(ShogiServer::ErrorCommand, cmd)
+ cmd.call
+ assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
+
+ cmd = ShogiServer::Command.factory("LOGin hoge foo", @p)
+ assert_instance_of(ShogiServer::ErrorCommand, cmd)
+ cmd.call
+ assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
+
+ cmd = ShogiServer::Command.factory("LOGIN hoge foo", @p)
+ assert_instance_of(ShogiServer::ErrorCommand, cmd)
+ cmd.call
+ assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
+
+ cmd = ShogiServer::Command.factory("LOGINhoge foo", @p)
+ assert_instance_of(ShogiServer::ErrorCommand, cmd)
+ cmd.call
+ assert_no_match /unknown command LOGIN hoge foo/, cmd.msg
 end
 end
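Review bot: Several assertions in `test_error_login` cannot fail, because the negative pattern `/unknown command LOGIN hoge foo/` is case- and spacing-exact. For the inputs `"LOGin hoge foo"` and `"LOGINhoge foo"` the unredacted message would not contain that string either, so those cases pass whether or not the password is hidden. Assert on the secret and on the redacted form instead, for each input: `assert_no_match(/foo/, cmd.msg)` and `assert_match(/unknown command LOGIN hoge\.\.\./, cmd.msg)`. A case with a name containing a non-word character would also pin what the pattern is meant to cover.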