From 64eb963025963da721b23fbbad89bc20ac3b5e3f Mon Sep 17 00:00:00 2001
From: Steffen Scheib <92300342+sscheib-rh@users.noreply.github.com>
Date: Wed, 11 Oct 2023 21:54:28 +0200
Subject: [PATCH] Cleaning SOS report passwords (#14557)

---
 tools/sosreport/controller.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/tools/sosreport/controller.py b/tools/sosreport/controller.py
index 8a2a9a57c1..ab71bb9fd5 100644
--- a/tools/sosreport/controller.py
+++ b/tools/sosreport/controller.py
@@ -74,3 +74,24 @@ class Controller(Plugin, RedHatPlugin):
             self.add_forbidden_path(path)
 
         self.add_cmd_output(SOSREPORT_CONTROLLER_COMMANDS)
+
+    def postproc(self):
+        # remove database password
+        jreg = r"(\s*\'PASSWORD\'\s*:(\s))(?:\"){1,}(.+)(?:\"){1,}"
+        repl = r"\1********"
+        self.do_path_regex_sub("/etc/tower/conf.d/postgres.py", jreg, repl)
+
+        # remove email password
+        jreg = r"(EMAIL_HOST_PASSWORD\s*=)\'(.+)\'"
+        repl = r"\1********"
+        self.do_path_regex_sub("/etc/tower/settings.py", jreg, repl)
+
+        # remove email password (if customized)
+        jreg = r"(EMAIL_HOST_PASSWORD\s*=)\'(.+)\'"
+        repl = r"\1********"
+        self.do_path_regex_sub("/etc/tower/conf.d/custom.py", jreg, repl)
+
+        # remove websocket secret
+        jreg = r"(BROADCAST_WEBSOCKET_SECRET\s*=\s*)\"(.+)\""
+        repl = r"\1********"
+        self.do_path_regex_sub("/etc/tower/conf.d/channels.py", jreg, repl)