As part of the re-implementation of the Encrypted LVM proposal I needed
to store a password inside and object, but I didn't want to simply do
class SomeClass
attr_accessor :name
attr_accessor :password
end
because I felt it was relatively easy to leak the password to the logs
accidentally just by doing
log.info "A something object #{an_instance_of_that_class.inspect}"
Redefining #to_s and #inspect for every class containing a password is
cumbersome and error prone. So I decided to create an alternative to
attr_accessor with the same behavior but with enhanced protection
against leaks. So you can do
class SomeClass
include Yast::SecretAttributes
attr_accessor :name
secret_attr :password
end
And all calls to #to_s, #inspect are safe. Even using formatters like
pretty_print or awesome_print should be safe.
Here is a gist with two possible implementations. I would go for the
first one because is "less magic". But I also wanted to share the second
alternative because I consider it to be an interesting Ruby exercise
(redefining methods at instance level).
https://gist.github.com/ancorgs/3a9c08313cc0ed52cc759ac94b21fa56
Do you like it enough to be included in yast2 or should I keep it just
in the y2storage namespace?
Any obvious drawback in the implementation?
I'm writing RSpec tests right now, before you ask.
Cheers
--
Ancor González Sosa
YaST Team at SUSE Linux GmbH
--
To unsubscribe, e-mail: [email protected]
To contact the owner, e-mail: [email protected]
