AaronFiore/electrum
1
0
Fork 0
Code Activity

don't log sensitive wizard values

Browse Source
This commit is contained in:
Sander van Grieken
2023-01-06 16:45:57 +01:00
parent 7f0f09a90b
commit 495f51e6ad
3 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
electrum/gui/qml/components/wizard/Wizard.qml
View File

@@ -35,7 +35,7 @@ ElDialog {
function _setWizardData(wdata) { function _setWizardData(wdata) {
wizard_data = {} wizard_data = {}
Object.assign(wizard_data, wdata) // deep copy Object.assign(wizard_data, wdata) // deep copy
console.log('wizard data is now :' + JSON.stringify(wizard_data)) // console.log('wizard data is now :' + JSON.stringify(wizard_data))
} }
// helper function to dynamically load wizard page components // helper function to dynamically load wizard page components
@@ -77,7 +77,7 @@ ElDialog {
}) })
page.prev.connect(function() { page.prev.connect(function() {
var wdata = wiz.prev() var wdata = wiz.prev()
console.log('prev view data: ' + JSON.stringify(wdata)) // console.log('prev view data: ' + JSON.stringify(wdata))
}) })
pages.pagevalid = page.valid pages.pagevalid = page.valid

2
electrum/gui/qml/qewizard.py
View File

@@ -24,7 +24,7 @@ class QEAbstractWizard(QObject):
@pyqtSlot('QJSValue', result='QVariant') @pyqtSlot('QJSValue', result='QVariant')
def submit(self, wizard_data): def submit(self, wizard_data):
wdata = wizard_data.toVariant() wdata = wizard_data.toVariant()
self._logger.debug(str(wdata)) self.log_state(wdata)
view = self.resolve_next(self._current.view, wdata) view = self.resolve_next(self._current.view, wdata)
return { 'view': view.view, 'wizard_data': view.wizard_data } return { 'view': view.view, 'wizard_data': view.wizard_data }

36
electrum/wizard.py
View File

@@ -89,14 +89,16 @@ class AbstractWizard:
self._current = new_view self._current = new_view
self._logger.debug(f'resolve_next view is {self._current.view}') self._logger.debug(f'resolve_next view is {self._current.view}')
self._logger.debug('stack:' + repr(self._stack)) self.log_stack(self._stack)
return new_view return new_view
def resolve_prev(self): def resolve_prev(self):
prev_view = self._stack.pop() prev_view = self._stack.pop()
self._logger.debug(f'resolve_prev view is {prev_view}') self._logger.debug(f'resolve_prev view is {prev_view}')
self._logger.debug('stack:' + repr(self._stack)) self.log_stack(self._stack)
self._current = prev_view self._current = prev_view
return prev_view return prev_view
@@ -129,6 +131,33 @@ class AbstractWizard:
self.stack = [] self.stack = []
self._current = WizardViewState(None, {}, {}) self._current = WizardViewState(None, {}, {})
def log_stack(self, _stack):
logstr = 'wizard stack:'
stack = copy.deepcopy(_stack)
i = 0
for item in stack:
self.sanitize_stack_item(item.wizard_data)
logstr += f'\n{i}: {repr(item.wizard_data)}'
i += 1
self._logger.debug(logstr)
def log_state(self, _current):
current = copy.deepcopy(_current)
self.sanitize_stack_item(current)
self._logger.debug(f'wizard current: {repr(current)}')
def sanitize_stack_item(self, _stack_item):
sensitive_keys = ['seed', 'seed_extra_words', 'master_key', 'private_key_list', 'password']
def sanitize(_dict):
for item in _dict:
if isinstance(_dict[item], dict):
sanitize(_dict[item])
else:
if item in sensitive_keys:
_dict[item] = '<sensitive value removed>'
sanitize(_stack_item)
class NewWalletWizard(AbstractWizard): class NewWalletWizard(AbstractWizard):
_logger = get_logger(__name__) _logger = get_logger(__name__)
@@ -170,9 +199,6 @@ class NewWalletWizard(AbstractWizard):
'multisig': { 'multisig': {
'next': 'keystore_type' 'next': 'keystore_type'
}, },
# 'multisig_show_masterpubkey': {
# 'next': 'multisig_cosigner_keystore'
# },
'multisig_cosigner_keystore': { # this view should set 'multisig_current_cosigner' 'multisig_cosigner_keystore': { # this view should set 'multisig_current_cosigner'
'next': self.on_cosigner_keystore_type 'next': self.on_cosigner_keystore_type
}, },