Scrub Vagrant Cloud tokens from RestClient logger

2018-09-12 14:22:36 -07:00 · 2018-09-12 14:22:36 -07:00 · adefbbaf6e
parent e8115a4389
commit adefbbaf6e
3 changed files with 17 additions and 6 deletions
--- a/lib/vagrant.rb
+++ b/lib/vagrant.rb
@ -49,7 +49,16 @@ if ENV["VAGRANT_LOG"] && ENV["VAGRANT_LOG"] != ""
  # Set the logging level on all "vagrant" namespaced
  # logs as long as we have a valid level.
  if level
-    logger = Log4r::Logger.new("vagrant")
+    # NOTE: We must do this little hack to allow
+    # rest-client to write using the `<<` operator.
+    # See https://github.com/rest-client/rest-client/issues/34#issuecomment-290858
+    # for more information
+    class VagrantLogger < Log4r::Logger
+      def << (msg)
+        debug(msg.strip)
+      end
+    end
+    logger = VagrantLogger.new("vagrant")
    logger.outputters = Log4r::Outputter.stderr
    logger.level = level
    base_formatter = Log4r::BasicFormatter.new
@ -59,15 +68,14 @@ if ENV["VAGRANT_LOG"] && ENV["VAGRANT_LOG"] != ""
        date_pattern: "%F %T"
      )
    end
-    Log4r::Outputter.stderr.formatter = Vagrant::Util::LoggingFormatter.new(base_formatter)
-    logger = nil
-
    # Cloud gem uses RestClient to make HTTP requests, so
    # log them if debug is enabled
    if level == 1
-      # TODO: Need to ensure token is marked sensitive, if possible here
-      ENV["RESTCLIENT_LOG"] = "stdout"
+      require 'rest_client'
+      RestClient.log = logger
    end
+    Log4r::Outputter.stderr.formatter = Vagrant::Util::LoggingFormatter.new(base_formatter)
+    logger = nil
  end
 end

--- a/plugins/commands/cloud/client/client.rb
+++ b/plugins/commands/cloud/client/client.rb
@ -40,6 +40,7 @@ module VagrantPlugins
      def logged_in?
        token = self.token
        return false if !token
+        Vagrant::Util::CredentialScrubber.sensitive(token)

        with_error_handling do
          url = "#{Vagrant.server_url}/api/v1/authenticate" +
--- a/plugins/commands/cloud/util.rb
+++ b/plugins/commands/cloud/util.rb
@ -37,6 +37,7 @@ module VagrantPlugins
              env.ui.output("Vagrant Cloud URL: #{Vagrant.server_url}")
            end

+            options = {} if !options
            # Ask for the username
            if options[:login]
              @_client.username_or_email = options[:login]
@ -75,6 +76,7 @@ module VagrantPlugins
            end

            @_client.store_token(token)
+            Vagrant::Util::CredentialScrubber.sensitive(token)
            env.ui.success(I18n.t("cloud_command.logged_in"))
            @_client
          end