From 55f8800a67f786c051017e971943258fad804cd1 Mon Sep 17 00:00:00 2001 From: Simon Let Date: Sun, 11 Aug 2019 17:33:31 +0200 Subject: [PATCH] write sanitized history to file, add sanitizer to install/make --- .gitignore | 1 + Makefile | 44 ++++++++++++++++++++++- sanitize-history/resh-sanitize-history.go | 43 ++++++++++++++++------ sanitizer_data/whitelist.txt | 1 + 4 files changed, 78 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index afd111b..38a9c83 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ resh-collect resh-daemon +resh-sanitize-history diff --git a/Makefile b/Makefile index b59032d..1f6631f 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,41 @@ GOFLAGS=-ldflags "-X main.Version=${VERSION} -X main.Revision=${REVISION}" autoinstall: ./install_helper.sh +sanitize: + # + # + # I'm going to create a sanitized version of your resh history. + # Everything is done locally - your history won't leave this machine. + # The way this works is that any sensitive information in your history is going to be replaced with its SHA1 hash. + # There is also going to be a second version with hashes trimed to 12 characters for readability + # + # + # > full hashes: ~/resh_history_sanitized.json + # > 12 char hashes: ~/resh_history_sanitized_trim12.json + # + # + # Encountered any issues? Got questions? -> Hit me up at https://github.com/curusarn/resh/issues + # + # + # Running history sanitization ... + resh-sanitize-history -trim-hashes 0 --output ~/resh_history_sanitized.json + resh-sanitize-history -trim-hashes 12 --output ~/resh_history_sanitized_trim12.json + # + # + # SUCCESS - ALL DONE! + # + # + # PLEASE HAVE A LOOK AT THE RESULT USING THESE COMMANDS: + # + # > pretty print JSON: + @echo 'cat ~/resh_history_sanitized_trim12.json | jq' + # + # > only show executed commands, don't show metadata: + @echo "cat ~/resh_history_sanitized_trim12.json | jq '.[\"cmdLine\"]'" + # + # + # + build: submodules resh-collect resh-daemon resh-sanitize-history @@ -41,24 +76,31 @@ install: build submodules/bash-preexec/bash-preexec.sh shellrc.sh config.toml uu # Final touch touch ~/.resh_history.json # + # + # ########################################################## # # # SUCCESS - thank you for trying out this project! # # # ########################################################## # + # # WHAT'S NEXT # Please RESTART ALL OPEN TERMINAL WINDOWS (or reload your rc files) # Your resh history is located in `~/.resh_history.json` # You can look at it using e.g. `tail -f ~/.resh_history.json | jq` # + # # ISSUES # If anything looks broken create an issue: https://github.com/curusarn/resh/issues # You can uninstall this at any time by running `rm -rf ~/.resh/` # You won't lose any collected history by removing `~/.resh` directory # + # # Please give me some contact info using this form: https://forms.gle/227SoyJ5c2iteKt98 # + # + # uninstall: # Uninstalling ... @@ -70,7 +112,7 @@ resh-daemon: daemon/resh-daemon.go common/resh-common.go version resh-collect: collect/resh-collect.go common/resh-common.go version go build ${GOFLAGS} -o $@ $< -resh-sanitize-history: collect/resh-sanitize-history.go common/resh-common.go version +resh-sanitize-history: sanitize-history/resh-sanitize-history.go common/resh-common.go version go build ${GOFLAGS} -o $@ $< $(HOME)/.resh $(HOME)/.resh/bin $(HOME)/.config: diff --git a/sanitize-history/resh-sanitize-history.go b/sanitize-history/resh-sanitize-history.go index 92d3cbe..9dbe9ea 100644 --- a/sanitize-history/resh-sanitize-history.go +++ b/sanitize-history/resh-sanitize-history.go @@ -38,7 +38,8 @@ func main() { showVersion := flag.Bool("version", false, "Show version and exit") showRevision := flag.Bool("revision", false, "Show git revision and exit") - // outputToStdout := flag.Bool("stdout", false, "Print output to stdout instead of file") + trimHashes := flag.Int("trim-hashes", 12, "Trim hashes to N characters (default: 12), 0 turns off trimming") + outputPath := flag.String("output", "", "Output file") flag.Parse() @@ -50,19 +51,31 @@ func main() { fmt.Println(Revision) os.Exit(0) } - sanitizer := sanitizer{hashLength: 4} + sanitizer := sanitizer{hashLength: *trimHashes} err := sanitizer.init(sanitizerDataPath) if err != nil { log.Fatal("Sanitizer init() error:", err) } - file, err := os.Open(historyPath) + inputFile, err := os.Open(historyPath) if err != nil { log.Fatal("Open() resh history file error:", err) } - defer file.Close() + defer inputFile.Close() - scanner := bufio.NewScanner(file) + var writer *bufio.Writer + useStdout := true + if len(*outputPath) > 0 { + useStdout = false + outputFile, err := os.Create(*outputPath) + if err != nil { + log.Fatal("Create() output file error:", err) + } + defer outputFile.Close() + writer = bufio.NewWriter(outputFile) + } + + scanner := bufio.NewScanner(inputFile) for scanner.Scan() { record := common.Record{} line := scanner.Text() @@ -84,7 +97,21 @@ func main() { log.Println("Line:", line) return } - fmt.Println(string(outLine)) + if useStdout { + fmt.Println(string(outLine)) + } else { + // fmt.Println(string(outLine)) + n, err := writer.WriteString(string(outLine) + "\n") + if err != nil { + log.Fatal(err) + } + if n == 0 { + log.Fatal("Nothing was written", n) + } + } + } + if useStdout == false { + writer.Flush() } } @@ -347,11 +374,9 @@ func (s *sanitizer) hashToken(token string) string { return token } // hash with sha1 - // trim to 12 characters h := sha1.New() h.Write([]byte(token)) sum := h.Sum(nil) - // TODO: extend hashes to 12 return s.trimHash(hex.EncodeToString(sum)) } @@ -359,8 +384,6 @@ func (s *sanitizer) hashNumericToken(token string) string { if len(token) <= 0 { return token } - // hash with fnv - // trim to 12 characters h := sha1.New() h.Write([]byte(token)) sum := h.Sum(nil) diff --git a/sanitizer_data/whitelist.txt b/sanitizer_data/whitelist.txt index 0ed66e8..e765f43 100644 --- a/sanitizer_data/whitelist.txt +++ b/sanitizer_data/whitelist.txt @@ -568,6 +568,7 @@ resize2fs resizepart resolvconf resolvectl +resh rev rfkill rgrep