From 0703f4845201d9b59458cf36aa00f3b70d71744d Mon Sep 17 00:00:00 2001
From: Lu Yao Chen <luyao.chen@windriver.com>
Date: Mon, 16 Nov 2020 10:14:34 -0500
Subject: [PATCH] Hide sensitive information from fm-manager logs

Checks for key, will not log to /var/log/fm-manager.log
if key is password or connection, these fields contain
sensitive information.

Partial-Bug: 1896116

Change-Id: Ide879ecf3b81133c26f20b0854e796998429f279
Signed-off-by: Lu Yao Chen <luyao.chen@windriver.com>
---
 fm-common/sources/fmConfig.cpp  | 9 +++++++--
 fm-common/sources/fmConstants.h | 2 ++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/fm-common/sources/fmConfig.cpp b/fm-common/sources/fmConfig.cpp
index 967be210..32b19578 100644
--- a/fm-common/sources/fmConfig.cpp
+++ b/fm-common/sources/fmConfig.cpp
@@ -78,8 +78,13 @@ void fm_get_config_paramters() {
         }
         if (key.compare(FM_SQL_CONNECTION) != 0) {
             // Don't log sql_connection, as it has a password
-            FM_INFO_LOG("Config key (%s), value (%s)",
-                        key.c_str(), value.c_str());
+            if (key.compare(FM_CONF_PASSWORD) == 0 || key.compare(FM_CONF_CONNECTION) == 0) {
+                // Don't log password values
+                continue;
+            } else {
+                FM_INFO_LOG("Config key (%s), value (%s)",
+                    key.c_str(), value.c_str());
+            }
         }
     }
 }
diff --git a/fm-common/sources/fmConstants.h b/fm-common/sources/fmConstants.h
index 25568f50..954c28af 100644
--- a/fm-common/sources/fmConstants.h
+++ b/fm-common/sources/fmConstants.h
@@ -92,6 +92,8 @@
 #define FM_REGION_NAME               "region_name"
 #define FM_DEBUG_FLAG                "debug"
 #define FM_STRING_TRUE               "True"
+#define FM_CONF_PASSWORD             "password"
+#define FM_CONF_CONNECTION           "connection"
 
 #define CLEAR_ALL_REASON_TEXT        "System initiated hierarchical alarm clear"