diff options
Diffstat (limited to 'cli')
| -rwxr-xr-x | cli/sensitive-log.sh | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/cli/sensitive-log.sh b/cli/sensitive-log.sh new file mode 100755 index 000000000..40309b0db --- /dev/null +++ b/cli/sensitive-log.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# Strips sensitive passwords from (Apache) logs + +# For e.g. GNU systems such as Debian +# N.B.: `sed -u` is not available in BusyBox and without it there are buffering delays (even with stdbuf) +sed -Eu 's/([?&])(Passwd|token)=[^& \t]+/\1\2=redacted/ig' 2>/dev/null || + + # For systems with gawk (not available by default in Docker of Debian or Alpine) or with BuzyBox such as Alpine + $(which gawk || which awk) -v IGNORECASE=1 '{ print gensub(/([?&])(Passwd|token)=[^& \t]+/, "\\1\\2=redacted", "g") }' |