From 495f51e6ad48ec9bf14e063c16640abd28acfb74 Mon Sep 17 00:00:00 2001 From: Sander van Grieken Date: Fri, 6 Jan 2023 16:45:57 +0100 Subject: [PATCH] don't log sensitive wizard values --- electrum/gui/qml/components/wizard/Wizard.qml | 4 +-- electrum/gui/qml/qewizard.py | 2 +- electrum/wizard.py | 36 ++++++++++++++++--- 3 files changed, 34 insertions(+), 8 deletions(-) diff --git a/electrum/gui/qml/components/wizard/Wizard.qml b/electrum/gui/qml/components/wizard/Wizard.qml index 4597e903b..82de9fb2b 100644 --- a/electrum/gui/qml/components/wizard/Wizard.qml +++ b/electrum/gui/qml/components/wizard/Wizard.qml @@ -35,7 +35,7 @@ ElDialog { function _setWizardData(wdata) { wizard_data = {} Object.assign(wizard_data, wdata) // deep copy - console.log('wizard data is now :' + JSON.stringify(wizard_data)) + // console.log('wizard data is now :' + JSON.stringify(wizard_data)) } // helper function to dynamically load wizard page components @@ -77,7 +77,7 @@ ElDialog { }) page.prev.connect(function() { var wdata = wiz.prev() - console.log('prev view data: ' + JSON.stringify(wdata)) + // console.log('prev view data: ' + JSON.stringify(wdata)) }) pages.pagevalid = page.valid diff --git a/electrum/gui/qml/qewizard.py b/electrum/gui/qml/qewizard.py index c827c0da6..f00217327 100644 --- a/electrum/gui/qml/qewizard.py +++ b/electrum/gui/qml/qewizard.py @@ -24,7 +24,7 @@ class QEAbstractWizard(QObject): @pyqtSlot('QJSValue', result='QVariant') def submit(self, wizard_data): wdata = wizard_data.toVariant() - self._logger.debug(str(wdata)) + self.log_state(wdata) view = self.resolve_next(self._current.view, wdata) return { 'view': view.view, 'wizard_data': view.wizard_data } diff --git a/electrum/wizard.py b/electrum/wizard.py index 630c3d7d5..5356293ed 100644 --- a/electrum/wizard.py +++ b/electrum/wizard.py @@ -89,14 +89,16 @@ class AbstractWizard: self._current = new_view self._logger.debug(f'resolve_next view is {self._current.view}') - self._logger.debug('stack:' + repr(self._stack)) + self.log_stack(self._stack) return new_view def resolve_prev(self): prev_view = self._stack.pop() + self._logger.debug(f'resolve_prev view is {prev_view}') - self._logger.debug('stack:' + repr(self._stack)) + self.log_stack(self._stack) + self._current = prev_view return prev_view @@ -129,6 +131,33 @@ class AbstractWizard: self.stack = [] self._current = WizardViewState(None, {}, {}) + def log_stack(self, _stack): + logstr = 'wizard stack:' + stack = copy.deepcopy(_stack) + i = 0 + for item in stack: + self.sanitize_stack_item(item.wizard_data) + logstr += f'\n{i}: {repr(item.wizard_data)}' + i += 1 + self._logger.debug(logstr) + + def log_state(self, _current): + current = copy.deepcopy(_current) + self.sanitize_stack_item(current) + self._logger.debug(f'wizard current: {repr(current)}') + + def sanitize_stack_item(self, _stack_item): + sensitive_keys = ['seed', 'seed_extra_words', 'master_key', 'private_key_list', 'password'] + def sanitize(_dict): + for item in _dict: + if isinstance(_dict[item], dict): + sanitize(_dict[item]) + else: + if item in sensitive_keys: + _dict[item] = '' + sanitize(_stack_item) + + class NewWalletWizard(AbstractWizard): _logger = get_logger(__name__) @@ -170,9 +199,6 @@ class NewWalletWizard(AbstractWizard): 'multisig': { 'next': 'keystore_type' }, - # 'multisig_show_masterpubkey': { - # 'next': 'multisig_cosigner_keystore' - # }, 'multisig_cosigner_keystore': { # this view should set 'multisig_current_cosigner' 'next': self.on_cosigner_keystore_type },