[Feature] Command Argument STDOUT/capistrano.log Hiding

.gitignore

@@ -6,3 +6,4 @@ bin/rake
 .vagrant*
 test/tmp
 Gemfile.lock
+.idea

CHANGELOG.md

@@ -6,6 +6,7 @@ appear at the top.
 ## [Unreleased][]
 
   * Your contribution here!
+  * [#430](https://github.com/capistrano/sshkit/pull/430): [Feature] Command Argument STDOUT/capistrano.log Hiding - [@NorseGaud](https://github.com/NorseGaud)
 
 ## [1.16.1][] (2018-05-20)
 

README.md

@@ -443,6 +443,33 @@ SSHKit.config.output = SSHKit::Formatter::Pretty.new(output)
 SSHKit.config.output = SSHKit::Formatter::SimpleText.new(File.open('log/deploy.log', 'wb'))
 ```
 
+#### Output & Log Redaction
+
+If necessary, redact() can be used on a section of your execute arguments to hide it from both STDOUT and the capistrano.log. It does not support an Array or Hash.
+
+```ruby
+# Example from capistrano-postgresql gem
+execute(:psql, fetch(:pg_system_db), '-c', %Q{"CREATE USER \\"#{fetch(:pg_username)}\\" PASSWORD}, redact("'#{fetch(:pg_password)}'"), %Q{;"})
+```
+*Take a special note:* SSHKIT will automatically add a space in-between each argument in `execute`. When quoting a password, like the above, you should include the quotes within redact().
+Once wrapped, sshkit logging will replace the actual pg_password with a *REDACTED* value:
+
+```
+# STDOUT
+00:00 postgresql:create_database_user
+      01 sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD *REDACTED* ;"
+      01 CREATE ROLE
+    ✔ 01 user@localhost 0.099s
+
+# capistrano.log
+INFO [59dbd2ba] Running /usr/bin/env sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD *REDACTED* ;" as user@localhost
+DEBUG [59dbd2ba] Command: ( export PATH="$HOME/.gem/ruby/2.5.0/bin:$PATH" ; /usr/bin/env sudo -i -u postgres psql -d postgres -c "CREATE USER \"db_admin_user\" PASSWORD *REDACTED* ;" )
+DEBUG [529b623c] CREATE ROLE
+
+```
+
+Yet, the created database user will have the value from `fetch(:pg_password)`.
+
 #### Output Colors
 
 By default, SSHKit will color the output using ANSI color escape sequences

lib/sshkit/backends/netssh.rb

@@ -96,6 +96,12 @@ def config
         end
       end
 
+
+      def redact(arg) # Used in execute_command to hide redact() values user passes in
+        raise ArgumentError, 'redact() does not support Array or Hash' if arg.is_a?(Array) || arg.is_a?(Hash)
+        ['*REDACTED*',arg]
+      end
+
       private
 
       def transfer_summarizer(action, options = {})
@@ -123,7 +129,9 @@ def transfer_summarizer(action, options = {})
       end
 
       def execute_command(cmd)
+        cmd.options[:redacted] = true
         output.log_command_start(cmd)
+        cmd.options[:redacted] = false
         cmd.started = true
         exit_status = nil
         with_ssh do |ssh|

lib/sshkit/command.rb

@@ -206,7 +206,14 @@ def to_command
 
     def to_s
       if should_map?
-        [SSHKit.config.command_map[command.to_sym], *Array(args)].join(' ')
+        if options[:redacted]
+          new_args = args.map{|arg| arg.is_a?(Array) && arg[0] == '*REDACTED*' ? arg[0] : arg }.join(' ')
+        elsif !options[:redacted]
+          new_args = args.map{|arg| arg.is_a?(Array) && arg[0] == '*REDACTED*' ? arg[1] : arg }
+        else
+          new_args = args
+        end
+        [SSHKit.config.command_map[command.to_sym], *Array(new_args)].join(' ')
       else
         command.to_s
       end

test/functional/backends/test_netssh.rb

@@ -42,13 +42,45 @@ def test_simple_netssh
         ], command_lines
       end
 
+      def test_redaction
+        # Be sure redaction in the logs is showing *REDACTED*
+        Netssh.new(a_host) do
+          execute :echo, 'password:', redact('PASSWORD')
+          execute :echo, 'password:', redact(10000)
+        end.run
+        command_lines = @output.lines.select { |line| line.start_with?('Command:') }
+        assert_equal [
+                         "Command: /usr/bin/env echo password: *REDACTED*\n",
+                         "Command: /usr/bin/env echo password: *REDACTED*\n",
+                     ], command_lines
+        # Be sure the actual command executed without *REDACTED*
+        Netssh.new(a_host) do
+          execute :touch, redact('test.file')
+          execute :ls, 'test.file'
+        end.run
+        ls_lines = @output.lines.select { |line| line.start_with?("\ttest.file") }
+        assert_equal [
+                         "\ttest.file\n"
+                     ], ls_lines
+        # Error when user passes in Array to redact()
+        err = assert_raises ArgumentError do
+          Netssh.new(a_host) do |_host|
+            execute :echo, 'password array:', redact(['PASSWORD_IN_ARRAY'])
+          end.run
+        end
+        assert_equal "redact() does not support Array or Hash", err.message
+        # Cleanup
+        Netssh.new(a_host) do
+          execute :rm, ' -f test.file'
+        end.run
+      end
+
       def test_group_netssh
         Netssh.new(a_host) do
           as user: :root, group: :admin do
            execute :touch, 'restart.txt'
           end
         end.run
-
         command_lines = @output.lines.select { |line| line.start_with?('Command:') }
         assert_equal [
           "Command: if ! sudo -u root whoami > /dev/null; then echo \"You cannot switch to user 'root' using sudo, please check the sudoers file\" 1>&2; false; fi\n",