Do not log sensitive data to STDOUT

This fixes a bug where sensitive data could be logged to STDOUT, such as private keys and filenames which contain private keys. This data was never written to disk, but someone could redirect all STDOUT to a file on disk with "./silentdragon &> out.txt" or share the STDOUT in a bug report and not realize private keys were in that data.
3 months ago · 2754629a95
2 changed files with 17 additions and 7 deletions
--- a/src/connection.cpp
+++ b/src/connection.cpp
@ -890,15 +890,25 @@ Connection::~Connection() {
 void Connection::doRPC(const QJsonValue& payload, const std::function<void(QJsonValue)>& cb,
                       const std::function<void(QNetworkReply*, const QJsonValue&)>& ne) {
    if (shutdownInProgress) {
-        qDebug() << __func__ << ": Ignoring RPC because shutdown in progress";
+        DEBUG("Ignoring RPC because shutdown in progress");
        return;
    }

    if(payload.isNull() || payload.isUndefined()) {
-        qDebug() << "no payload! ignoring";
+        DEBUG("no payload! ignoring");
        return;
    } else {
-        qDebug() << __func__ << ": " << payload["method"].toString() << payload;
+        // this will match importprivkey z_importkey z_importviewingkey  importwallet z_importwallet
+        // and some other RPCs that have no GUI
+        // So this code ends up redacting payloads which contain private keys and filenames which contain private keys
+        QRegExp re("import");
+        //DEBUG("payload.toString==" << payload["method"].toString());
+        //DEBUG("payload.toString.indexIn==" << re.indexIn(payload["method"].toString()) );
+        if( re.indexIn(payload["method"].toString()) == -1 ) {
+            DEBUG( payload["method"].toString() << payload );
+        } else {
+            DEBUG( payload["method"].toString() << " PAYLOAD REDACTED " );
+        }
    }

    QJsonDocument jd_rpc_call(payload.toObject());
@ -909,7 +919,7 @@ void Connection::doRPC(const QJsonValue& payload, const std::function<void(QJson
    QObject::connect(reply, &QNetworkReply::finished, [=] {
        reply->deleteLater();
        if (shutdownInProgress) {
-            // Ignoring callback because shutdown in progress
+            DEBUG("Ignoring callback because shutdown in progress");
            return;
        }

--- a/src/rpc.cpp
+++ b/src/rpc.cpp
@ -369,7 +369,7 @@ void RPC::importTPrivKey(QString privkey, bool rescan, const std::function<void(

    // If privkey starts with 5, K or L, use old-style Hush params, same as BTC+ZEC
    if( privkey.startsWith("5") || privkey.startsWith("K") || privkey.startsWith("L") ) {
-        qDebug() << "Detected old-style HUSH WIF";
+        DEBUG("Detected old-style taddr HUSH WIF");
        payload = {
            {"jsonrpc", "1.0"},
            {"id", "42"},
@ -377,7 +377,7 @@ void RPC::importTPrivKey(QString privkey, bool rescan, const std::function<void(
            {"params", QJsonArray { privkey, "", rescan , "0", "128" }},
        };
    } else {
-        qDebug() << "Detected new-style HUSH WIF";
+        DEBUG("Detected new-style taddr HUSH WIF");
        payload = {
            {"jsonrpc", "1.0"},
            {"id", "42"},
@ -386,7 +386,7 @@ void RPC::importTPrivKey(QString privkey, bool rescan, const std::function<void(
        };
    }

-    qDebug() <<  "Importing WIF with rescan=" << rescan;
+    DEBUG("Importing taddr WIF with rescan=" << rescan);

    conn->doRPCWithDefaultErrorHandling(payload, cb);
 }