From 06ba99e4e68af69708b7dd76eea821de7873a236 Mon Sep 17 00:00:00 2001 From: Oliver Gorwits Date: Mon, 4 Aug 2014 22:33:08 +0100 Subject: [PATCH] Do not leak SNMP community string into debug output (unless LEAK_COMMUNITY=1) --- Netdisco/Changes | 1 + Netdisco/lib/App/Netdisco/Util/SNMP.pm | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Netdisco/Changes b/Netdisco/Changes index 6f41933a..c0a24bea 100644 --- a/Netdisco/Changes +++ b/Netdisco/Changes @@ -12,6 +12,7 @@ * Add "AP" as a hint for WAP support * Attempt to keep PID and logfile as netdisco user even when running as root * Show netdisco-do docs on options error + * Do not leak SNMP community string into debug output (unless SHOW_COMMUNITY=1) [BUG FIXES] diff --git a/Netdisco/lib/App/Netdisco/Util/SNMP.pm b/Netdisco/lib/App/Netdisco/Util/SNMP.pm index 746186ab..63458a4b 100644 --- a/Netdisco/lib/App/Netdisco/Util/SNMP.pm +++ b/Netdisco/lib/App/Netdisco/Util/SNMP.pm @@ -136,13 +136,15 @@ sub _snmp_connect_generic { sub _try_connect { my ($device, $class, $comm, $mode, $snmp_args) = @_; my %comm_args = _mk_info_commargs($comm); + my $debug_comm = ( $comm->{community} + ? $ENV{SHOW_COMMUNITY} ? $comm->{community} : '' + : "v3user:$comm->{user}" ); my $info = undef; try { debug sprintf '[%s] try_connect with ver: %s, class: %s, comm: %s', - $snmp_args->{DestHost}, $snmp_args->{Version}, $class, - ($comm->{community} || "v3user:$comm->{user}"); + $snmp_args->{DestHost}, $snmp_args->{Version}, $class, $debug_comm; Module::Load::load $class; $info = $class->new(%$snmp_args, %comm_args); @@ -154,8 +156,7 @@ sub _try_connect { $class = $info->device_type; debug sprintf '[%s] try_connect with ver: %s, new class: %s, comm: %s', - $snmp_args->{DestHost}, $snmp_args->{Version}, $class, - ($comm->{community} || "v3user:$comm->{user}"); + $snmp_args->{DestHost}, $snmp_args->{Version}, $class, $debug_comm; Module::Load::load $class; $info = $class->new(%$snmp_args, %comm_args);