don't log sensitive wizard values

3 years ago · 495f51e6ad
3 changed files with 34 additions and 8 deletions
--- a/electrum/gui/qml/components/wizard/Wizard.qml
+++ b/electrum/gui/qml/components/wizard/Wizard.qml
@ -35,7 +35,7 @@ ElDialog {
    function _setWizardData(wdata) {
        wizard_data = {}
        Object.assign(wizard_data, wdata) // deep copy
-        console.log('wizard data is now :' + JSON.stringify(wizard_data))
+        // console.log('wizard data is now :' + JSON.stringify(wizard_data))
    }

    // helper function to dynamically load wizard page components
@ -77,7 +77,7 @@ ElDialog {
        })
        page.prev.connect(function() {
            var wdata = wiz.prev()
-            console.log('prev view data: ' + JSON.stringify(wdata))
+            // console.log('prev view data: ' + JSON.stringify(wdata))
        })

        pages.pagevalid = page.valid
--- a/electrum/gui/qml/qewizard.py
+++ b/electrum/gui/qml/qewizard.py
@ -24,7 +24,7 @@ class QEAbstractWizard(QObject):
    @pyqtSlot('QJSValue', result='QVariant')
    def submit(self, wizard_data):
        wdata = wizard_data.toVariant()
-        self._logger.debug(str(wdata))
+        self.log_state(wdata)
        view = self.resolve_next(self._current.view, wdata)
        return { 'view': view.view, 'wizard_data': view.wizard_data }

--- a/electrum/wizard.py
+++ b/electrum/wizard.py
@ -89,14 +89,16 @@ class AbstractWizard:
        self._current = new_view

        self._logger.debug(f'resolve_next view is {self._current.view}')
-        self._logger.debug('stack:' + repr(self._stack))
+        self.log_stack(self._stack)

        return new_view

    def resolve_prev(self):
        prev_view = self._stack.pop()
+
        self._logger.debug(f'resolve_prev view is {prev_view}')
-        self._logger.debug('stack:' + repr(self._stack))
+        self.log_stack(self._stack)
+
        self._current = prev_view
        return prev_view

@ -129,6 +131,33 @@ class AbstractWizard:
        self.stack = []
        self._current = WizardViewState(None, {}, {})

+    def log_stack(self, _stack):
+        logstr = 'wizard stack:'
+        stack = copy.deepcopy(_stack)
+        i = 0
+        for item in stack:
+            self.sanitize_stack_item(item.wizard_data)
+            logstr += f'\n{i}: {repr(item.wizard_data)}'
+            i += 1
+        self._logger.debug(logstr)
+
+    def log_state(self, _current):
+        current = copy.deepcopy(_current)
+        self.sanitize_stack_item(current)
+        self._logger.debug(f'wizard current: {repr(current)}')
+
+    def sanitize_stack_item(self, _stack_item):
+        sensitive_keys = ['seed', 'seed_extra_words', 'master_key', 'private_key_list', 'password']
+        def sanitize(_dict):
+            for item in _dict:
+                if isinstance(_dict[item], dict):
+                    sanitize(_dict[item])
+                else:
+                    if item in sensitive_keys:
+                        _dict[item] = '<sensitive value removed>'
+        sanitize(_stack_item)
+
+
 class NewWalletWizard(AbstractWizard):

    _logger = get_logger(__name__)
@ -170,9 +199,6 @@ class NewWalletWizard(AbstractWizard):
            'multisig': {
                'next': 'keystore_type'
            },
-            # 'multisig_show_masterpubkey': {
-            #     'next': 'multisig_cosigner_keystore'
-            # },
            'multisig_cosigner_keystore': { # this view should set 'multisig_current_cosigner'
                'next': self.on_cosigner_keystore_type
            },