Clear password from command line #11624

This commit is contained in:
Alexey Milovidov 2020-06-14 22:23:05 +03:00
parent 561d4b5b01
commit 07ba7ffea5
5 changed files with 31 additions and 1 deletions

View File

@ -18,6 +18,7 @@
#include <Common/ConcurrentBoundedQueue.h>
#include <Common/Exception.h>
#include <Common/randomSeed.h>
#include <Common/clearPasswordFromCommandLine.h>
#include <Core/Types.h>
#include <IO/ReadBufferFromFileDescriptor.h>
#include <IO/WriteBufferFromFileDescriptor.h>
@ -539,7 +540,7 @@ int mainEntryClickHouseBenchmark(int argc, char ** argv)
("password", value<std::string>()->default_value(""), "")
("database", value<std::string>()->default_value("default"), "")
("stacktrace", "print stack traces of exceptions")
("confidence", value<size_t>()->default_value(5), "set the level of confidence for T-test [0=80%, 1=90%, 2=95%, 3=98%, 4=99%, 5=99.5%(default)")
("confidence", value<size_t>()->default_value(5), "set the level of confidence for T-test [0=80%, 1=90%, 2=95%, 3=98%, 4=99%, 5=99.5%(default)")
("query_id", value<std::string>()->default_value(""), "")
;
@ -550,6 +551,8 @@ int mainEntryClickHouseBenchmark(int argc, char ** argv)
boost::program_options::store(boost::program_options::parse_command_line(argc, argv, desc), options);
boost::program_options::notify(options);
clearPasswordFromCommandLine(argc, argv);
if (options.count("help"))
{
std::cout << "Usage: " << argv[0] << " [options] < queries.txt\n";

View File

@ -38,6 +38,7 @@
#include <Common/Throttler.h>
#include <Common/StringUtils/StringUtils.h>
#include <Common/typeid_cast.h>
#include <Common/clearPasswordFromCommandLine.h>
#include <Common/Config/ConfigProcessor.h>
#include <Core/Types.h>
#include <Core/QueryProcessingStage.h>
@ -2006,6 +2007,7 @@ public:
argsToConfig(common_arguments, config(), 100);
clearPasswordFromCommandLine(argc, argv);
}
};

View File

@ -0,0 +1,18 @@
#include <string.h>
#include "clearPasswordFromCommandLine.h"
void clearPasswordFromCommandLine(int argc, char ** argv)
{
for (int arg = 1; arg < argc; ++arg)
{
if (arg + 1 < argc && 0 == strcmp(argv[arg], "--password"))
{
++arg;
memset(argv[arg], 0, strlen(argv[arg]));
}
else if (0 == strncmp(argv[arg], "--password=", strlen("--password=")))
{
memset(argv[arg] + strlen("--password="), 0, strlen(argv[arg]) - strlen("--password="));
}
}
}

View File

@ -0,0 +1,6 @@
#pragma once
/** If there are --password=... or --password ... arguments in command line, replace their values with zero bytes.
* This is needed to prevent password exposure in 'ps' and similar tools.
*/
void clearPasswordFromCommandLine(int argc, char ** argv);

View File

@ -30,6 +30,7 @@ SRCS(
Config/configReadClient.cpp
Config/ConfigReloader.cpp
createHardLink.cpp
clearPasswordFromCommandLine.cpp
CurrentMetrics.cpp
CurrentThread.cpp
DNSResolver.cpp