dont sanitize single char tokens, add file extensions to whitelist, minor giturl fix

6 years ago · c48b819589
parent c9f703bc7f
commit c48b819589
2 changed files with 79 additions and 3 deletions
--- a/sanitize-history/resh-sanitize-history.go
+++ b/sanitize-history/resh-sanitize-history.go
@ -264,6 +264,9 @@ func (s *sanitizer) sanitizeCmdLine(cmdLine string) (string, error) {
 }
 func (s *sanitizer) sanitizeGitURL(rawURL string) (string, error) {
 	if len(rawURL) <= 0 {
 		return rawURL, nil
 	}
 	parsedURL, err := giturls.Parse(rawURL)
 	if err != nil {
 		return rawURL, err
@ -272,6 +275,9 @@ func (s *sanitizer) sanitizeGitURL(rawURL string) (string, error) {
 }
 func (s *sanitizer) sanitizeURL(rawURL string) (string, error) {
 	if len(rawURL) <= 0 {
 		return rawURL, nil
 	}
 	parsedURL, err := url.Parse(rawURL)
 	if err != nil {
 		return rawURL, err
@ -280,7 +286,6 @@ func (s *sanitizer) sanitizeURL(rawURL string) (string, error) {
 }
 func (s *sanitizer) sanitizeParsedURL(parsedURL *url.URL) (string, error) {
 	// Scheme string
 	parsedURL.Opaque = s.sanitizeToken(parsedURL.Opaque)
 	userinfo := parsedURL.User.Username() // only get username => password won't even make it to the sanitized data
@ -330,7 +335,8 @@ func (s *sanitizer) sanitizeTwoPartToken(token string, delimeter string) (string
 func (s *sanitizer) sanitizeCmdToken(token string) (string, error) {
 	// there shouldn't be tokens with letters or digits mixed together with symbols
-	if len(token) <= 0 {
+	if len(token) <= 1 {
 		// NOTE: do not sanitize single letter tokens
 		return token, nil
 	}
 	if s.whitelist[token] == true {
@ -366,7 +372,8 @@ func (s *sanitizer) sanitizeCmdToken(token string) (string, error) {
 }
 func (s *sanitizer) sanitizeToken(token string) string {
-	if len(token) <= 0 {
+	if len(token) <= 1 {
 		// NOTE: do not sanitize single letter tokens
 		return token
 	}
 	if s.whitelist[token] {
--- a/sanitizer_data/whitelist.txt
+++ b/sanitizer_data/whitelist.txt
@ -33,6 +33,8 @@ arch
 arpd
 arping
 as
 asm
 au
 autoload
 awk
 b2sum
@ -49,11 +51,13 @@ bin
 bind
 bindkey
 bisect
 blend
 blkdeactivate
 blkdiscard
 blkid
 blkzone
 blockdev
 bmp
 boot
 bootctl
 branch
@ -65,6 +69,7 @@ builtin
 bunzip2
 busctl
 bye
 bz2
 bzcat
 bzcmp
 bzdiff
@ -76,6 +81,7 @@ bzip2
 bzip2recover
 bzless
 bzmore
 c
 cal
 ca-legacy
 caller
@ -84,9 +90,11 @@ captoinfo
 case
 cat
 catchsegv
 cc
 cd
 certutil
 cfdisk
 cfg
 c++filt
 chacl
 chage
@ -109,6 +117,7 @@ chroot
 chrt
 chsh
 cksum
 class
 clear
 clear_console
 clock
@ -141,6 +150,7 @@ compset
 comptags
 comptry
 compvalues
 conf
 continue
 convert
 coproc
@ -148,6 +158,7 @@ coredumpctl
 cp
 cpgr
 cpio
 cpp
 cppw
 cracklib-check
 cracklib-format
@ -156,6 +167,8 @@ cracklib-unpacker
 create-cracklib-dict
 crlutil
 csplit
 css
 csv
 ctrlaltdel
 ctstat
 curl
@ -164,6 +177,7 @@ cvtsudoers
 cz
 dash
 date
 db
 db_archive
 db_checkpoint
 db_deadlock
@ -191,6 +205,7 @@ dbus-update-activation-environment
 dbus-uuidgen
 db_verify
 dd
 deb
 debconf
 debconf-apt-progress
 debconf-communicate
@ -207,6 +222,7 @@ delgroup
 delpart
 deluser
 depmod
 desktop
 dev
 devlink
 df
@ -243,6 +259,7 @@ dpkg-split
 dpkg-statoverride
 dpkg-trigger
 dracut
 dtd
 du
 dumpe2fs
 dwp
@ -334,6 +351,7 @@ getopt
 getopts
 getpcaps
 getty
 gif
 gio
 gio-launch-desktop
 gio-querymodules-64
@ -369,8 +387,10 @@ grpunconv
 gsettings
 gtar
 gunzip
 gz
 gzexe
 gzip
 h
 halt
 hardlink
 hash
@ -382,6 +402,8 @@ home
 hostid
 hostname
 hostnamectl
 htm
 html
 http
 https
 hwclock
@ -414,6 +436,8 @@ ipcrm
 ipcs
 ischroot
 isosize
 jar
 java
 jobs
 join
 journalctl
@ -423,6 +447,9 @@ kill
 killall5
 kmod
 kpartx
 ksp
 kss
 kwd
 last
 lastb
 lastlog
@ -486,15 +513,21 @@ lusermod
 lz4
 lz4c
 lz4cat
 m3u
 m4a
 m4p
 machinectl
 make
 makedb
 makedeltarpm
 make-dummy-cert
 man
 mapfile
 mawk
 mcookie
 md5
 md5sum
 md5sums
 md5sum.textutils
 media
 merge
@ -518,6 +551,7 @@ mkpasswd
 mkswap
 mktemp
 mnt
 mo
 modinfo
 modprobe
 modulemd-validator-v1
@ -525,6 +559,8 @@ modutil
 more
 mount
 mountpoint
 mp3
 mpg
 mv
 namei
 nawk
@ -546,9 +582,11 @@ nproc
 nsenter
 nstat
 numfmt
 o
 objcopy
 objdump
 od
 ogg
 oldfind
 openssl
 opt
@ -567,12 +605,17 @@ pam_timestamp_check
 partx
 passwd
 paste
 patch
 pathchk
 pdf
 perl
 perl5.26.1
 perl5.28.1
 pgawk
 pgrep
 php
 phps
 phtml
 pidof
 pinentry
 pinentry-curses
@ -588,11 +631,15 @@ pivot_root
 pk12util
 pkg-config
 pkill
 pl
 pldd
 pls
 pmap
 png
 policy-rc.d
 popd
 portablectl
 pov
 poweroff
 pr
 print
@ -601,6 +648,7 @@ printf
 private
 prlimit
 proc
 properties
 ps
 ptx
 pull
@ -615,9 +663,12 @@ pwhistory_helper
 pwmake
 pwscore
 pwunconv
 py
 pyc
 pydoc
 pydoc3
 pydoc3.7
 pyo
 python
 python2
 python2.7
@ -630,6 +681,8 @@ r
 ranlib
 raw
 rbash
 rc
 rdf
 rdisc
 rdma
 read
@ -685,6 +738,7 @@ rpmquery
 rpmverify
 rtacct
 rtcwake
 rtf
 rtmon
 rtstat
 run
@ -695,6 +749,7 @@ run-parts
 runuser
 rvi
 rview
 s
 sasldblistusers2
 saslpasswd2
 savelog
@ -731,6 +786,7 @@ sha256sum
 sha384sum
 sha512sum
 shadowconfig
 share
 sh.distrib
 shift
 shopt
@ -748,6 +804,7 @@ slabtop
 sleep
 sln
 snice
 so
 sort
 sotruss
 source
@ -821,6 +878,8 @@ telinit
 tempfile
 test
 testgdbm
 tga
 tgz
 then
 tic
 time
@ -843,9 +902,11 @@ truncate
 trust
 tset
 tsort
 ttf
 tty
 ttyctl
 tune2fs
 txt
 type
 typeset
 tzconfig
@ -907,6 +968,7 @@ wait
 wall
 watch
 watchgnupg
 wav
 wc
 wdctl
 weak-modules
@ -923,9 +985,14 @@ w.procps
 write
 x86_64
 xargs
 xbel
 xml
 xmlcatalog
 xmllint
 xmlwf
 xpm
 xsd
 xsl
 xz
 xzcat
 xzcmp
@ -948,6 +1015,7 @@ yum-debug-dump
 yum-debug-restore
 yumdownloader
 yum-groups-manager
 Z
 zcat
 zcmp
 zcompile
@ -959,6 +1027,7 @@ zforce
 zformat
 zgrep
 zic
 zip
 zle
 zless
 zmodload