On 15/12/2022 17:57, Mira Limbeck wrote: > Since some users keep their passwords in the VM/CT configs as comments > and those are most of the time unnecessary when looking through the > report, filter those.
I'd rather have this optional, opt-out is fine, where the CLI gets a switch and the web interface gets a dialogue with a checkbox for filtering comments in guest configs. A lot of sane admins don't sprinkle plain text PWs into www-data readable plain text configs but possible relevant setup info. If you want to get this faster in it's fine to focus on CLI only for now, but I think some more options might be relevant for the report in the near term, be it filtering other stuff (e.g., public IP addresses) or also adding extra info (e.g., (parts of) journal/syslogs), so laying out a bit foundations for that now could be reused for that; but as said, no need to do all that now. Also please separate adding and using file2text and adding the filter part into two commits, those are different things. > > In addition to the comments, also filter the `cipassword` option > since it contains the hash of the password. > > To facilitate the filtering, a new sub 'file2text' is introduced that > can filter the file contents if required. > This sub replaces the 'cat ...' commands. > > Signed-off-by: Mira Limbeck <m.limb...@proxmox.com> > --- > I did not add print to STDERR in file2text for now since it got quite > chatty. > If this is wanted, I'll send a v2 adding it. But since file2text is also > called by dir2text the 'OK' at the end won't always align, especially > when dir2text is used. > > PVE/Report.pm | 48 +++++++++++++++++++++++++++++++++--------------- > 1 file changed, 33 insertions(+), 15 deletions(-) > > diff --git a/PVE/Report.pm b/PVE/Report.pm > index 90b7cb1c..7ebe98f7 100644 > --- a/PVE/Report.pm > +++ b/PVE/Report.pm > @@ -5,16 +5,34 @@ use warnings; > > use PVE::Tools; > > +my sub file2text { > + my ($file, $filter) = @_; > + my $text = "\n# cat $file\n"; I agree with the sentiment of Stefan's comment but comment something else that we do is IMO not ideal, tends to get out of date soon and might be hard to output a grep invocation that behaves really 1:1 as the code here does, or will do sometimes. So maybe just output something like: my $text = "\n# ". ($filter ? 'filtered' : '') ." cat $file\n"; > + > + my $contents = PVE::Tools::file_get_contents($file); > + if ($filter) { > + foreach my $line (split('\n', $contents)) { > + next if $line =~ m/^\s*#/; > + next if $line =~ m/^cipassword/; not sure if it's a good idea to just plainly filter, I mean only guest configs are setting $filter anyway, but IMO it's still a bid odd coupling; maybe switch to a $code-ref and calling that, with a filter_guest_config sub passed then on the call sites? _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel