diff --git a/sos/report/plugins/subscription_manager.py b/sos/report/plugins/subscription_manager.py index 6b302b463..fb631307a 100644 --- a/sos/report/plugins/subscription_manager.py +++ b/sos/report/plugins/subscription_manager.py @@ -8,6 +8,7 @@ from configparser import NoOptionError, NoSectionError import glob +from os import remove from sos.report.plugins import Plugin, RedHatPlugin @@ -21,6 +22,8 @@ class SubscriptionManager(Plugin, RedHatPlugin): files = ('/etc/rhsm/rhsm.conf',) packages = ('subscription-manager',) + curl_config = 'rhsm_curl_cfg' + def get_proxy_string(self, config): """ return curl options --proxy[-user] per RHSM config """ proxy = "" @@ -33,10 +36,16 @@ def get_proxy_string(self, config): proxy = f"--proxy {proxy_scheme}://{proxy_hostname}{proxy_port}" proxy_user = config.get('server', 'proxy_user') if proxy and proxy_user: - proxy += f" --proxy-user {proxy_user}" - proxy_password = config.get('server', 'proxy_password') - if proxy_password: - proxy += f":{proxy_password}" + proxy_pass = config.get('server', 'proxy_password') + if proxy_pass: + self._curl_cfg_fname = self.archive.dest_path(self.curl_config) + with open(self._curl_cfg_fname, 'w', encoding='utf-8') as _f: + _f.write( + f"--proxy-user {proxy_user}:{proxy_pass}" + ) # codeql[py/clear-text-storage-sensitive-data] + proxy += f" --config {self._curl_cfg_fname}" + else: + proxy += f" --proxy-user {proxy_user}" return proxy def get_server_url(self, config): @@ -114,5 +123,8 @@ def postproc(self): regexp = r"(password(\s)*=(\s)*)(\S+)\n" repl = r"\1********\n" self.do_path_regex_sub("/var/lib/rhsm/repo_server_val/*", regexp, repl) + # if curl used config file to hide proxy password, remove the file + if self._curl_cfg_fname: + remove(self._curl_cfg_fname) # vim: et ts=4 sw=4