dont sanitize single char tokens, add file extensions to whitelist, minor giturl fix

6 years ago · c48b819589
parent c9f703bc7f
commit c48b819589
2 changed files with 79 additions and 3 deletions
--- a/sanitize-history/resh-sanitize-history.go
+++ b/sanitize-history/resh-sanitize-history.go
@ -264,6 +264,9 @@ func (s *sanitizer) sanitizeCmdLine(cmdLine string) (string, error) {
 }

 func (s *sanitizer) sanitizeGitURL(rawURL string) (string, error) {
+	if len(rawURL) <= 0 {
+		return rawURL, nil
+	}
 	parsedURL, err := giturls.Parse(rawURL)
 	if err != nil {
 		return rawURL, err
@ -272,6 +275,9 @@ func (s *sanitizer) sanitizeGitURL(rawURL string) (string, error) {
 }

 func (s *sanitizer) sanitizeURL(rawURL string) (string, error) {
+	if len(rawURL) <= 0 {
+		return rawURL, nil
+	}
 	parsedURL, err := url.Parse(rawURL)
 	if err != nil {
 		return rawURL, err
@ -280,7 +286,6 @@ func (s *sanitizer) sanitizeURL(rawURL string) (string, error) {
 }

 func (s *sanitizer) sanitizeParsedURL(parsedURL *url.URL) (string, error) {
-	// Scheme string
 	parsedURL.Opaque = s.sanitizeToken(parsedURL.Opaque)

 	userinfo := parsedURL.User.Username() // only get username => password won't even make it to the sanitized data
@ -330,7 +335,8 @@ func (s *sanitizer) sanitizeTwoPartToken(token string, delimeter string) (string

 func (s *sanitizer) sanitizeCmdToken(token string) (string, error) {
 	// there shouldn't be tokens with letters or digits mixed together with symbols
-	if len(token) <= 0 {
+	if len(token) <= 1 {
+		// NOTE: do not sanitize single letter tokens
 		return token, nil
 	}
 	if s.whitelist[token] == true {
@ -366,7 +372,8 @@ func (s *sanitizer) sanitizeCmdToken(token string) (string, error) {
 }

 func (s *sanitizer) sanitizeToken(token string) string {
-	if len(token) <= 0 {
+	if len(token) <= 1 {
+		// NOTE: do not sanitize single letter tokens
 		return token
 	}
 	if s.whitelist[token] {
--- a/sanitizer_data/whitelist.txt
+++ b/sanitizer_data/whitelist.txt
@ -33,6 +33,8 @@ arch
 arpd
 arping
 as
+asm
+au
 autoload
 awk
 b2sum
@ -49,11 +51,13 @@ bin
 bind
 bindkey
 bisect
+blend
 blkdeactivate
 blkdiscard
 blkid
 blkzone
 blockdev
+bmp
 boot
 bootctl
 branch
@ -65,6 +69,7 @@ builtin
 bunzip2
 busctl
 bye
+bz2
 bzcat
 bzcmp
 bzdiff
@ -76,6 +81,7 @@ bzip2
 bzip2recover
 bzless
 bzmore
+c
 cal
 ca-legacy
 caller
@ -84,9 +90,11 @@ captoinfo
 case
 cat
 catchsegv
+cc
 cd
 certutil
 cfdisk
+cfg
 c++filt
 chacl
 chage
@ -109,6 +117,7 @@ chroot
 chrt
 chsh
 cksum
+class
 clear
 clear_console
 clock
@ -141,6 +150,7 @@ compset
 comptags
 comptry
 compvalues
+conf
 continue
 convert
 coproc
@ -148,6 +158,7 @@ coredumpctl
 cp
 cpgr
 cpio
+cpp
 cppw
 cracklib-check
 cracklib-format
@ -156,6 +167,8 @@ cracklib-unpacker
 create-cracklib-dict
 crlutil
 csplit
+css
+csv
 ctrlaltdel
 ctstat
 curl
@ -164,6 +177,7 @@ cvtsudoers
 cz
 dash
 date
+db
 db_archive
 db_checkpoint
 db_deadlock
@ -191,6 +205,7 @@ dbus-update-activation-environment
 dbus-uuidgen
 db_verify
 dd
+deb
 debconf
 debconf-apt-progress
 debconf-communicate
@ -207,6 +222,7 @@ delgroup
 delpart
 deluser
 depmod
+desktop
 dev
 devlink
 df
@ -243,6 +259,7 @@ dpkg-split
 dpkg-statoverride
 dpkg-trigger
 dracut
+dtd
 du
 dumpe2fs
 dwp
@ -334,6 +351,7 @@ getopt
 getopts
 getpcaps
 getty
+gif
 gio
 gio-launch-desktop
 gio-querymodules-64
@ -369,8 +387,10 @@ grpunconv
 gsettings
 gtar
 gunzip
+gz
 gzexe
 gzip
+h
 halt
 hardlink
 hash
@ -382,6 +402,8 @@ home
 hostid
 hostname
 hostnamectl
+htm
+html
 http
 https
 hwclock
@ -414,6 +436,8 @@ ipcrm
 ipcs
 ischroot
 isosize
+jar
+java
 jobs
 join
 journalctl
@ -423,6 +447,9 @@ kill
 killall5
 kmod
 kpartx
+ksp
+kss
+kwd
 last
 lastb
 lastlog
@ -486,15 +513,21 @@ lusermod
 lz4
 lz4c
 lz4cat
+m3u
+m4a
+m4p
 machinectl
 make
 makedb
 makedeltarpm
 make-dummy-cert
+man
 mapfile
 mawk
 mcookie
+md5
 md5sum
+md5sums
 md5sum.textutils
 media
 merge
@ -518,6 +551,7 @@ mkpasswd
 mkswap
 mktemp
 mnt
+mo
 modinfo
 modprobe
 modulemd-validator-v1
@ -525,6 +559,8 @@ modutil
 more
 mount
 mountpoint
+mp3
+mpg
 mv
 namei
 nawk
@ -546,9 +582,11 @@ nproc
 nsenter
 nstat
 numfmt
+o
 objcopy
 objdump
 od
+ogg
 oldfind
 openssl
 opt
@ -567,12 +605,17 @@ pam_timestamp_check
 partx
 passwd
 paste
+patch
 pathchk
+pdf
 perl
 perl5.26.1
 perl5.28.1
 pgawk
 pgrep
+php
+phps
+phtml
 pidof
 pinentry
 pinentry-curses
@ -588,11 +631,15 @@ pivot_root
 pk12util
 pkg-config
 pkill
+pl
 pldd
+pls
 pmap
+png
 policy-rc.d
 popd
 portablectl
+pov
 poweroff
 pr
 print
@ -601,6 +648,7 @@ printf
 private
 prlimit
 proc
+properties
 ps
 ptx
 pull
@ -615,9 +663,12 @@ pwhistory_helper
 pwmake
 pwscore
 pwunconv
+py
+pyc
 pydoc
 pydoc3
 pydoc3.7
+pyo
 python
 python2
 python2.7
@ -630,6 +681,8 @@ r
 ranlib
 raw
 rbash
+rc
+rdf
 rdisc
 rdma
 read
@ -685,6 +738,7 @@ rpmquery
 rpmverify
 rtacct
 rtcwake
+rtf
 rtmon
 rtstat
 run
@ -695,6 +749,7 @@ run-parts
 runuser
 rvi
 rview
+s
 sasldblistusers2
 saslpasswd2
 savelog
@ -731,6 +786,7 @@ sha256sum
 sha384sum
 sha512sum
 shadowconfig
+share
 sh.distrib
 shift
 shopt
@ -748,6 +804,7 @@ slabtop
 sleep
 sln
 snice
+so
 sort
 sotruss
 source
@ -821,6 +878,8 @@ telinit
 tempfile
 test
 testgdbm
+tga
+tgz
 then
 tic
 time
@ -843,9 +902,11 @@ truncate
 trust
 tset
 tsort
+ttf
 tty
 ttyctl
 tune2fs
+txt
 type
 typeset
 tzconfig
@ -907,6 +968,7 @@ wait
 wall
 watch
 watchgnupg
+wav
 wc
 wdctl
 weak-modules
@ -923,9 +985,14 @@ w.procps
 write
 x86_64
 xargs
+xbel
+xml
 xmlcatalog
 xmllint
 xmlwf
+xpm
+xsd
+xsl
 xz
 xzcat
 xzcmp
@ -948,6 +1015,7 @@ yum-debug-dump
 yum-debug-restore
 yumdownloader
 yum-groups-manager
+Z
 zcat
 zcmp
 zcompile
@ -959,6 +1027,7 @@ zforce
 zformat
 zgrep
 zic
+zip
 zle
 zless
 zmodload