mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 20:31:35 +00:00
debug_redaction added
Some checks failed
Build and test GAM / build (false, build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (false, build, 10, Build x86_64 macOS 15, macos-15-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 11, Build Arm MacOS 26, macos-26) (push) Has been cancelled
Build and test GAM / build (false, build, 12, Build Intel Windows, windows-2025) (push) Has been cancelled
Build and test GAM / build (false, build, 13, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (false, build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (false, build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (false, build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (false, test, 14, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (false, test, 15, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (false, test, 16, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (false, test, 17, Test Python 3.15-dev, ubuntu-24.04, 3.15-dev) (push) Has been cancelled
Build and test GAM / build (true, test, 18, Test Python 3.14 freethread, ubuntu-24.04, 3.14) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-certs (push) Has been cancelled
Some checks failed
Build and test GAM / build (false, build, 1, Build Intel Ubuntu Jammy, ubuntu-22.04) (push) Has been cancelled
Build and test GAM / build (false, build, 10, Build x86_64 macOS 15, macos-15-intel) (push) Has been cancelled
Build and test GAM / build (false, build, 11, Build Arm MacOS 26, macos-26) (push) Has been cancelled
Build and test GAM / build (false, build, 12, Build Intel Windows, windows-2025) (push) Has been cancelled
Build and test GAM / build (false, build, 13, Build Arm Windows, windows-11-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 2, Build Intel Ubuntu Noble, ubuntu-24.04) (push) Has been cancelled
Build and test GAM / build (false, build, 3, Build Arm Ubuntu Noble, ubuntu-24.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 4, Build Arm Ubuntu Jammy, ubuntu-22.04-arm) (push) Has been cancelled
Build and test GAM / build (false, build, 5, Build Intel StaticX Legacy, ubuntu-22.04, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 6, Build Arm StaticX Legacy, ubuntu-22.04-arm, yes) (push) Has been cancelled
Build and test GAM / build (false, build, 7, Build Intel MacOS, macos-13) (push) Has been cancelled
Build and test GAM / build (false, build, 8, Build Arm MacOS 14, macos-14) (push) Has been cancelled
Build and test GAM / build (false, build, 9, Build Arm MacOS 15, macos-15) (push) Has been cancelled
Build and test GAM / build (false, test, 14, Test Python 3.10, ubuntu-24.04, 3.10) (push) Has been cancelled
Build and test GAM / build (false, test, 15, Test Python 3.11, ubuntu-24.04, 3.11) (push) Has been cancelled
Build and test GAM / build (false, test, 16, Test Python 3.12, ubuntu-24.04, 3.12) (push) Has been cancelled
Build and test GAM / build (false, test, 17, Test Python 3.15-dev, ubuntu-24.04, 3.15-dev) (push) Has been cancelled
Build and test GAM / build (true, test, 18, Test Python 3.14 freethread, ubuntu-24.04, 3.14) (push) Has been cancelled
Build and test GAM / merge (push) Has been cancelled
Build and test GAM / publish (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Check for Google Root CA Updates / check-certs (push) Has been cancelled
This commit is contained in:
@@ -1,3 +1,11 @@
|
|||||||
|
7.26.00
|
||||||
|
|
||||||
|
Added `debug_redaction` Boolean variable to `gam.cfg`. When True, the default,
|
||||||
|
sensitive data like access/refresh tokens, client secret and authorization codes
|
||||||
|
are redacted from debug output. This allows you to post debug output without
|
||||||
|
compromising your account information. Even with debug redaction,
|
||||||
|
anything shared publicly should be double-checked for sensitive content.
|
||||||
|
|
||||||
7.25.01
|
7.25.01
|
||||||
|
|
||||||
Fixed bug in `gam config timezone <String>` to handle timezone abbreviations correctly;
|
Fixed bug in `gam config timezone <String>` to handle timezone abbreviations correctly;
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.25.01'
|
__version__ = '7.26.00'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -375,9 +375,7 @@ YUBIKEY_VALUE_ERROR_RC = 85
|
|||||||
YUBIKEY_MULTIPLE_CONNECTED_RC = 86
|
YUBIKEY_MULTIPLE_CONNECTED_RC = 86
|
||||||
YUBIKEY_NOT_FOUND_RC = 87
|
YUBIKEY_NOT_FOUND_RC = 87
|
||||||
|
|
||||||
def redact_sensitive_google_text(text):
|
DEBUG_REDACTION_PATTERNS = [
|
||||||
replace_patterns = [
|
|
||||||
|
|
||||||
# Positional patterns that redact sensitive credentials based on their location
|
# Positional patterns that redact sensitive credentials based on their location
|
||||||
(r'(Bearer\s+)\S+', r'\1*****'), # access tokens and JWTs in auth header
|
(r'(Bearer\s+)\S+', r'\1*****'), # access tokens and JWTs in auth header
|
||||||
(r'([?&]refresh_token=)[^&]*', r'\1*****'), # refresh token URL parameter
|
(r'([?&]refresh_token=)[^&]*', r'\1*****'), # refresh token URL parameter
|
||||||
@@ -385,7 +383,7 @@ def redact_sensitive_google_text(text):
|
|||||||
(r'([?&]key=)[^&]*', r'\1*****'), # API key URL parameter
|
(r'([?&]key=)[^&]*', r'\1*****'), # API key URL parameter
|
||||||
(r'([?&]code=)[^&]*', r'\1*****'), # auth code URL parameter
|
(r'([?&]code=)[^&]*', r'\1*****'), # auth code URL parameter
|
||||||
|
|
||||||
# pattern match patterns that redact sensitive credentials based on known credential pattern
|
# Pattern match patterns that redact sensitive credentials based on known credential pattern
|
||||||
(r'ya29.[0-9A-Za-z-_]+', '*****'), # Access token
|
(r'ya29.[0-9A-Za-z-_]+', '*****'), # Access token
|
||||||
(r'1%2F%2F[0-9A-Za-z-_]{100}|1%2F%2F[0-9A-Za-z-_]{64}|1%2F%2F[0-9A-Za-z-_]{43}', '*****'), # Refresh token
|
(r'1%2F%2F[0-9A-Za-z-_]{100}|1%2F%2F[0-9A-Za-z-_]{64}|1%2F%2F[0-9A-Za-z-_]{43}', '*****'), # Refresh token
|
||||||
(r'4/[0-9A-Za-z-_]+', '*****'), # Auth code
|
(r'4/[0-9A-Za-z-_]+', '*****'), # Auth code
|
||||||
@@ -393,9 +391,6 @@ def redact_sensitive_google_text(text):
|
|||||||
(r'AIza[0-9A-Za-z-_]{35}', '*****'), # API key
|
(r'AIza[0-9A-Za-z-_]{35}', '*****'), # API key
|
||||||
(r'eyJ[a-zA-Z0-9\-_]+\.eyJ[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]*', '*****'), # JWT
|
(r'eyJ[a-zA-Z0-9\-_]+\.eyJ[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]*', '*****'), # JWT
|
||||||
]
|
]
|
||||||
for pattern, replace in replace_patterns:
|
|
||||||
text = re.sub(pattern, replace, text)
|
|
||||||
return text
|
|
||||||
|
|
||||||
def redactable_debug_print(*args):
|
def redactable_debug_print(*args):
|
||||||
processed_args = []
|
processed_args = []
|
||||||
@@ -406,7 +401,8 @@ def redactable_debug_print(*args):
|
|||||||
arg = sbytes.decode()
|
arg = sbytes.decode()
|
||||||
arg = arg.replace('\\r\\n', "\n ")
|
arg = arg.replace('\\r\\n', "\n ")
|
||||||
if GC.Values[GC.DEBUG_REDACTION]:
|
if GC.Values[GC.DEBUG_REDACTION]:
|
||||||
arg = redact_sensitive_google_text(arg)
|
for pattern, replace in DEBUG_REDACTION_PATTERNS:
|
||||||
|
arg = re.sub(pattern, replace, arg)
|
||||||
processed_args.append(arg)
|
processed_args.append(arg)
|
||||||
print(*processed_args)
|
print(*processed_args)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user