From e4c485f53abad48babecee96a0e4a0594572d950 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Fern=C3=A1ndez=20Rodr=C3=ADguez?=
 <pafernan@redhat.com>
Date: Thu, 26 Sep 2024 12:57:56 +0200
Subject: [PATCH] [foreman] [foreman_proxy] Add ALL_PROXY and NO_PROXY to
 collected env_vars
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves: #3788

Signed-off-by: Pablo Fernández Rodríguez <pafernan@redhat.com>
---
 sos/report/plugins/__init__.py      | 15 +++++++++++++++
 sos/report/plugins/anaconda.py      |  9 +++++----
 sos/report/plugins/apt.py           | 12 ++----------
 sos/report/plugins/foreman.py       |  7 ++++++-
 sos/report/plugins/foreman_proxy.py |  7 ++++++-
 sos/report/plugins/system.py        |  6 ++++++
 sos/report/plugins/systemd.py       |  7 +++++++
 7 files changed, 47 insertions(+), 16 deletions(-)

diff --git a/sos/report/plugins/__init__.py b/sos/report/plugins/__init__.py
index f88f0c0d26..9b54c68a12 100644
--- a/sos/report/plugins/__init__.py
+++ b/sos/report/plugins/__init__.py
@@ -1313,6 +1313,21 @@ def do_file_sub(self, srcpath, regexp, subst):
             replacements = 0
         return replacements
 
+    def do_paths_http_sub(self, pathspecs):
+        """ Obfuscate credentials in *_PROXY variables in all files in the
+        given list. Proxy setting without protocol is ignored, since that
+        is not recommended setting and obfuscating that one can hit false
+        positives.
+
+        :param pathspecs: A filepath to obfuscate credentials in
+        :type pathspecs: ``str`` or a ``list`` of strings
+        """
+        if isinstance(pathspecs, str):
+            pathspecs = [pathspecs]
+        for path in pathspecs:
+            self.do_path_regex_sub(
+                path, r"(http(s)?://)\S+:\S+(@.*)", r"\1******:******\3")
+
     def do_path_regex_sub(self, pathexp, regexp, subst):
         """Apply a regexp substituation to a set of files archived by
         sos. The set of files to be substituted is generated by matching
diff --git a/sos/report/plugins/anaconda.py b/sos/report/plugins/anaconda.py
index 78577d3f7e..77f54d650a 100644
--- a/sos/report/plugins/anaconda.py
+++ b/sos/report/plugins/anaconda.py
@@ -24,21 +24,21 @@ class Anaconda(Plugin, RedHatPlugin):
 
     def setup(self):
 
-        paths = [
+        self.copypaths = [
             "/root/anaconda-ks.cfg"
         ]
 
         if self.path_isdir('/var/log/anaconda'):
             # new anaconda
-            paths.append('/var/log/anaconda')
+            self.copypaths.append('/var/log/anaconda')
         else:
-            paths = paths + [
+            self.copypaths = self.copypaths + [
                 "/var/log/anaconda.*",
                 "/root/install.log",
                 "/root/install.log.syslog"
             ]
 
-        self.add_copy_spec(paths)
+        self.add_copy_spec(self.copypaths)
 
     def postproc(self):
         self.do_file_sub(
@@ -51,5 +51,6 @@ def postproc(self):
             r"(user.*--password=*\s*)\s*(\S*)",
             r"\1********"
         )
+        self.do_paths_http_sub(self.copypaths)
 
 # vim: set et ts=4 sw=4 :
diff --git a/sos/report/plugins/apt.py b/sos/report/plugins/apt.py
index 857a11b6fe..464cfb983f 100644
--- a/sos/report/plugins/apt.py
+++ b/sos/report/plugins/apt.py
@@ -48,19 +48,11 @@ def setup(self):
     def postproc(self):
         super().postproc()
 
-        common_regex = r"(http(s)?://)\S+:\S+(@.*)"
-        common_replace = r"\1******:******\3"
-
-        files_to_sub = [
+        self.do_paths_http_sub([
             "/etc/apt/sources.list",
             "/etc/apt/sources.list.d/",
             "/etc/apt/apt.conf",
             "/etc/apt/apt.conf.d/",
-        ]
-
-        for file in files_to_sub:
-            self.do_path_regex_sub(
-                file, common_regex, common_replace
-            )
+        ])
 
 # vim: set et ts=4 sw=4 :
diff --git a/sos/report/plugins/foreman.py b/sos/report/plugins/foreman.py
index f3d3f4ad37..c18cac9ddf 100644
--- a/sos/report/plugins/foreman.py
+++ b/sos/report/plugins/foreman.py
@@ -297,7 +297,12 @@ def collect_proxies(self):
                                         timeout=10)
 
         # collect http[|s]_proxy env.variables
-        self.add_env_var(["http_proxy", "https_proxy"])
+        self.add_env_var([
+            'HTTP_PROXY',
+            'HTTPS_PROXY',
+            'NO_PROXY',
+            'ALL_PROXY',
+        ])
 
     def build_query_cmd(self, query, csv=False, binary="psql"):
         """
diff --git a/sos/report/plugins/foreman_proxy.py b/sos/report/plugins/foreman_proxy.py
index 5f684be259..e958e25946 100644
--- a/sos/report/plugins/foreman_proxy.py
+++ b/sos/report/plugins/foreman_proxy.py
@@ -42,7 +42,12 @@ def setup(self):
         ])
 
         # collect http[|s]_proxy env.variables
-        self.add_env_var(["http_proxy", "https_proxy"])
+        self.add_env_var([
+            'HTTP_PROXY',
+            'HTTPS_PROXY',
+            'NO_PROXY',
+            'ALL_PROXY',
+        ])
 
     def postproc(self):
         self.do_path_regex_sub(
diff --git a/sos/report/plugins/system.py b/sos/report/plugins/system.py
index cc282dc1bb..fcba116162 100644
--- a/sos/report/plugins/system.py
+++ b/sos/report/plugins/system.py
@@ -40,5 +40,11 @@ def setup(self):
             "ld.so --list-tunables"
         ])
 
+    def postproc(self):
+        self.do_paths_http_sub([
+            "/etc/sysconfig",
+            "/etc/default",
+            "/etc/environment",
+        ])
 
 # vim: set et ts=4 sw=4 :
diff --git a/sos/report/plugins/systemd.py b/sos/report/plugins/systemd.py
index a50a155e36..b23b32febc 100644
--- a/sos/report/plugins/systemd.py
+++ b/sos/report/plugins/systemd.py
@@ -95,4 +95,11 @@ def setup(self):
         ])
         self.add_forbidden_path('/dev/null')
 
+    def postproc(self):
+        self.do_paths_http_sub([
+            "/etc/systemd/system",
+            "/lib/systemd/system",
+            "/run/systemd/system",
+        ])
+
 # vim: set et ts=4 sw=4 :