From 2754629a95c1efe603b3c3245f90a26b3ed7f177 Mon Sep 17 00:00:00 2001
From: Duke
Date: Wed, 24 Jan 2024 13:26:30 -0500
Subject: [PATCH] Do not log sensitive data to STDOUT
This fixes a bug where sensitive data could be logged to STDOUT, such as private keys and filenames which contain private keys. This data was never written to disk, but someone could redirect all STDOUT to a file on disk with "./silentdragon &> out.txt" or share the STDOUT in a bug report and not realize private keys were in that data.
---
 src/connection.cpp | 18 ++++++++++++++----
 src/rpc.cpp | 6 +++---
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/src/connection.cpp b/src/connection.cpp
index acad8bd..a5a0a5b 100644
--- a/src/connection.cpp
+++ b/src/connection.cpp
@@ -890,15 +890,25 @@ Connection::~Connection() {
 void Connection::doRPC(const QJsonValue& payload, const std::function& cb, const std::function& ne) {
 if (shutdownInProgress) {
- qDebug() << __func__ << ": Ignoring RPC because shutdown in progress";
+ DEBUG("Ignoring RPC because shutdown in progress");
 return;
 }
 if(payload.isNull() || payload.isUndefined()) {
- qDebug() << "no payload! ignoring";
+ DEBUG("no payload! ignoring");
 return;
 } else {
- qDebug() << __func__ << ": " << payload["method"].toString() << payload;
+ // this will match importprivkey z_importkey z_importviewingkey importwallet z_importwallet
+ // and some other RPCs that have no GUI
+ // So this code ends up redacting payloads which contain private keys and filenames which contain private keys
+ QRegExp re("import");
+ //DEBUG("payload.toString==" << payload["method"].toString());
+ //DEBUG("payload.toString.indexIn==" << re.indexIn(payload["method"].toString()) );
+ if( re.indexIn(payload["method"].toString()) == -1 ) {
+ DEBUG( payload["method"].toString() << payload );
+ } else {
+ DEBUG( payload["method"].toString() << " PAYLOAD REDACTED " );
+ }
 }
 QJsonDocument jd_rpc_call(payload.toObject());
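Review bot: The redaction in the new `else` branch keys on the substring `import`, so any RPC whose method name lacks it still has its full parameter payload written to the debug output — in a zcashd-derived RPC set that includes key-export calls such as `dumpprivkey` and `z_exportkey` (whose parameters are an address and whose replies, handled outside this hunk, carry the key) and, if this daemon exposes it, `walletpassphrase`, whose parameter is the passphrase itself. A substring denylist is inherently incomplete; at minimum widen it, `static const QRegExp re("import|export|dump|passphrase");`, and preferably log only the method name by default and the payload only for an explicit allowlist of methods known to carry no secrets. Making the pattern `static const` (or using `QString::contains`) also avoids rebuilding a `QRegExp` on every RPC call. The two commented-out `//DEBUG(...)` lines are leftover debugging and should be dropped before merge; doRPC's body continues past this hunk.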
@@ -909,7 +919,7 @@ void Connection::doRPC(const QJsonValue& payload, const std::functiondeleteLater();
 if (shutdownInProgress) {
- // Ignoring callback because shutdown in progress
+ DEBUG("Ignoring callback because shutdown in progress");
 return;
 }
diff --git a/src/rpc.cpp b/src/rpc.cpp
index e55bcbc..06d3fc6 100644
--- a/src/rpc.cpp
+++ b/src/rpc.cpp
@@ -369,7 +369,7 @@ void RPC::importTPrivKey(QString privkey, bool rescan, const std::function