Qt RPC console: history sensitive-data filter, and saving input line when browsing history #8877

pull luke-jr wants to merge 11 commits into bitcoin:master from luke-jr:qt_console_history_filter changing 3 files +131 −20
  1. luke-jr commented at 5:10 am on October 4, 2016: member

    Rescuing uncontroversial parts of #5891

    Alternative to #8746

  2. luke-jr force-pushed on Oct 4, 2016
  3. laanwj commented at 9:11 am on October 4, 2016: member
    Concept ACK
  4. MarcoFalke added the label GUI on Oct 4, 2016
  5. sipa commented at 12:35 pm on October 4, 2016: member
    Concept ACK. Maybe add a comment that signrawtransaction can be removed from this list if it’s ever split into a wallet call and a utility call.
  6. achow101 commented at 12:38 pm on October 4, 2016: member

    If we’re adding privkey stuff here, then signmessagewithprivkey needs to be added.

    Won’t those commands not show up in history? I think it should at least show that the command happened.

  7. paveljanik commented at 1:55 pm on October 4, 2016: contributor
    Concept ACK
  8. luke-jr commented at 2:10 pm on October 4, 2016: member

    @sipa If signrawtransaction is split, there will likely still be users trying to use the old usage for at least one release, so I’m not sure it makes sense to remove it from the filter, at least not at the same time? @achow101 I agree it would be better to add dummy history items, but comments on previous PRs seem to suggest that is a source of disagreement.

    Added signmessagewithprivkey to the filter.

  9. achow101 commented at 2:22 pm on October 4, 2016: member
    @luke-jr instead of masking out the arguments as I did in my PR, what if you just added the command name to the history. Since all the commands pass through that filter method, you could have it return the string that goes into the history. For non-filtered commands, it returns the command itself. For filtered ones, it just returns the command name.
  10. laanwj commented at 3:30 pm on October 4, 2016: member

    Instead of masking out the arguments as I did in my PR, what if you just added the command name to the history.

    Would work for me. My main comment on doing it @achow101 ’s way with masking individual arguments is just that that is too brittle and hard to maintain. If having just the command name to the history is useful in any way, which I doubt a bit with the incredible autocompletion that the debug console has these days, you could do that.

  11. luke-jr commented at 3:38 pm on October 4, 2016: member
    I consider it useful to have any placeholder in history, since otherwise one might <up>-<enter> and get the second-to-last execution instead. At least with a dummy placeholder, they get an error/help.
  12. jonasschnelli commented at 8:19 am on October 9, 2016: contributor
    1. The passphrase is still visible in the console as executing command when calling walletpassphrase (should this be done in a different pull request?)
    2. Nested commands makes this a little bit more complex. Executing “a dump” getnewaddress(walletpassphrase(test)) results in executing walletpassphrase(test) but actually not “hiding” the passphrase from the history.
  13. luke-jr force-pushed on Nov 16, 2016
  14. luke-jr force-pushed on Nov 16, 2016
  15. luke-jr commented at 12:40 pm on November 16, 2016: member
    Rebased and taught it to handle nested commands. When a filtered command is encountered, all its parameters are replaced with “(…)” in the command history. Unit tests now check this.
  16. luke-jr force-pushed on Nov 16, 2016
  17. in src/qt/rpcconsole.cpp: in 84eabc9af0 outdated
    72+    << "signmessagewithprivkey"
    73+    << "signrawtransaction"
    74+    << "walletpassphrase"
    75+    << "walletpassphrasechange"
    76+    << "encryptwallet";
    77+
    


    jonasschnelli commented at 2:34 pm on November 22, 2016:
    nit: newline

    luke-jr commented at 11:36 pm on November 22, 2016:
    ?
  18. jonasschnelli commented at 2:42 pm on November 22, 2016: contributor
    Tested a bit. Needs coverage for importmulti now.
  19. luke-jr referenced this in commit 19321e129f on Dec 21, 2016
  20. Qt/RPCConsole: Save current command entry when browsing history
    Shell-like, but doesn't store changed history commands until executing it.
    fc95daa97f
  21. Qt/RPCConsole: Don't store commands with potentially sensitive information in the history
    Filters importprivkey, signrawtransaction, walletpassphrase, walletpassphrasechange, and encryptwallet
    9044908636
  22. Bugfix: Do not add sensitive information to history for real
    Original code was missing braces, and short-circuited before checking everything after importprivkey
    de8980df9d
  23. Qt/RPCConsole: Refactor command_may_contain_sensitive_data function out of RPCConsole::on_lineEdit_returnPressed afde12f265
  24. Qt/RPCConsole: Add signmessagewithprivkey to list of commands filtered from history d80a00660f
  25. Qt/RPCConsole: Truncate filtered commands to just the command name, rather than skip it entirely in history 1755c04576
  26. Qt/RPCConsole: Make it possible to parse a command without executing it e2d9213c32
  27. Qt/RPCConsole: Teach RPCParseCommandLine how to filter out arguments to sensitive commands 629cd42364
  28. Qt/Test: Make sure filtering sensitive data works correctly in nested commands a79598ddf4
  29. Qt/RPCConsole: Use RPCParseCommandLine to perform command filtering ff77faf480
  30. GUI/RPCConsole: Include importmulti in history sensitive-command filter 8562792095
  31. luke-jr force-pushed on Dec 29, 2016
  32. jonasschnelli commented at 8:35 am on January 3, 2017: contributor
    Looks good. Squash/combine some commits?
  33. luke-jr commented at 2:39 pm on January 3, 2017: member
    Rather not squash… They look reasonably logical progression, and squashing is a bad practice anyway.
  34. jonasschnelli commented at 3:19 pm on January 3, 2017: contributor
    Tested ACK 8562792095a78fdef2dacc3c5e32c41206df4c87
  35. btcdrak commented at 3:55 pm on January 3, 2017: contributor
    Tested ACK 8562792095a78fdef2dacc3c5e32c41206df4c87
  36. jonasschnelli merged this on Jan 3, 2017
  37. jonasschnelli closed this on Jan 3, 2017

  38. jonasschnelli referenced this in commit 6dc4c43d32 on Jan 3, 2017
  39. paveljanik commented at 9:55 pm on January 3, 2017: contributor

    Wshadow statistics: 1 qt/rpcconsole.cpp:173:56: warning: declaration shadows a local variable [-Wshadow]

    0qt/rpcconsole.cpp:173:56: warning: declaration shadows a local variable [-Wshadow]
    1    auto add_to_current_stack = [&](const std::string& curarg) {
    2                                                       ^
    3qt/rpcconsole.cpp:167:17: note: previous declaration is here
    4    std::string curarg;
    5                ^
    61 warning generated.
    
  40. luke-jr commented at 2:48 pm on January 4, 2017: member
    @paveljanik That looks like a bug in the compiler?
  41. paveljanik commented at 7:48 pm on January 5, 2017: contributor
    Why do you think so? It is clear that curarg inside the block shadows curarg outside.
  42. jonasschnelli commented at 7:57 pm on January 5, 2017: contributor
    @paveljanik: Maybe write a fix PR?
  43. luke-jr commented at 9:38 pm on January 5, 2017: member
    @paveljanik It’s a different scope, and lambda functions do not inherit the scope of the calling function beyond what you tell it to.
  44. sipa commented at 9:41 pm on January 5, 2017: member
    @luke-jr Not by default, but your lambda has capture list [&], which means it does capture everything.
  45. luke-jr commented at 0:43 am on January 6, 2017: member
    I thought [&] was only supposed to capture stuff actually referenced?
  46. sipa commented at 0:47 am on January 6, 2017: member
    @luke-jr Well, yes. But if -Wshadow wants to catch potential errors resulting from variables being identically named, it should absolutely catch this.
  47. paveljanik commented at 1:23 pm on January 9, 2017: contributor
    @luke-jr What name do you want me to use inside lambda instead of curarg? strArg?
  48. luke-jr commented at 5:22 pm on January 9, 2017: member
    Sure
  49. codablock referenced this in commit 1d83352dad on Jan 18, 2018
  50. andvgal referenced this in commit be09450837 on Jan 6, 2019
  51. CryptoCentric referenced this in commit 1b53750c4a on Feb 26, 2019
  52. MarcoFalke locked this on Sep 8, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-19 00:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me