Skip to content

Qt RPC console: history sensitive-data filter, and saving input line when browsing history #8877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jonasschnelli merged 11 commits into from
Jan 3, 2017
Merged

Qt RPC console: history sensitive-data filter, and saving input line when browsing history #8877

jonasschnelli merged 11 commits into from
Jan 3, 2017

Conversation

@luke-jr
Copy link
Member

@luke-jr luke-jr commented Oct 4, 2016

Rescuing uncontroversial parts of #5891

Alternative to #8746

@luke-jr luke-jr force-pushed the qt_console_history_filter branch from 0c83c7d to 313c0b5 Compare October 4, 2016 05:10
@laanwj
Copy link
Member

laanwj commented Oct 4, 2016

Concept ACK

@maflcko maflcko added the GUI label Oct 4, 2016
@sipa
Copy link
Member

sipa commented Oct 4, 2016

Concept ACK. Maybe add a comment that signrawtransaction can be removed from this list if it's ever split into a wallet call and a utility call.

@achow101
Copy link
Member

achow101 commented Oct 4, 2016
edited
Loading

If we're adding privkey stuff here, then signmessagewithprivkey needs to be added.

Won't those commands not show up in history? I think it should at least show that the command happened.

@paveljanik
Copy link
Contributor

paveljanik commented Oct 4, 2016

Concept ACK

@luke-jr
Copy link
Member Author

luke-jr commented Oct 4, 2016

@sipa If signrawtransaction is split, there will likely still be users trying to use the old usage for at least one release, so I'm not sure it makes sense to remove it from the filter, at least not at the same time?

@achow101 I agree it would be better to add dummy history items, but comments on previous PRs seem to suggest that is a source of disagreement.

Added signmessagewithprivkey to the filter.

@achow101
Copy link
Member

achow101 commented Oct 4, 2016

@luke-jr instead of masking out the arguments as I did in my PR, what if you just added the command name to the history. Since all the commands pass through that filter method, you could have it return the string that goes into the history. For non-filtered commands, it returns the command itself. For filtered ones, it just returns the command name.

@laanwj
Copy link
Member

laanwj commented Oct 4, 2016

Instead of masking out the arguments as I did in my PR, what if you just added the command name to the history.

Would work for me. My main comment on doing it @achow101 's way with masking individual arguments is just that that is too brittle and hard to maintain. If having just the command name to the history is useful in any way, which I doubt a bit with the incredible autocompletion that the debug console has these days, you could do that.

@luke-jr
Copy link
Member Author

luke-jr commented Oct 4, 2016
edited
Loading

I consider it useful to have any placeholder in history, since otherwise one might <up>-<enter> and get the second-to-last execution instead. At least with a dummy placeholder, they get an error/help.

@laanwj laanwj mentioned this pull request Oct 4, 2016
Closed
@jonasschnelli
Copy link
Contributor

jonasschnelli commented Oct 9, 2016

  1. The passphrase is still visible in the console as executing command when calling walletpassphrase (should this be done in a different pull request?)
  2. Nested commands makes this a little bit more complex. Executing "a dump" getnewaddress(walletpassphrase(test)) results in executing walletpassphrase(test) but actually not "hiding" the passphrase from the history.

bildschirmfoto 2016-10-09 um 10 15 55

@luke-jr luke-jr force-pushed the qt_console_history_filter branch 2 times, most recently from 858efb8 to 965bef8 Compare November 16, 2016 12:37
@luke-jr
Copy link
Member Author

luke-jr commented Nov 16, 2016

Rebased and taught it to handle nested commands. When a filtered command is encountered, all its parameters are replaced with "(…)" in the command history. Unit tests now check this.

@luke-jr luke-jr force-pushed the qt_console_history_filter branch from 965bef8 to 84eabc9 Compare November 16, 2016 13:09
jonasschnelli
jonasschnelli reviewed Nov 22, 2016
View reviewed changes
src/qt/rpcconsole.cpp Outdated
Copy link
Contributor

@jonasschnelli jonasschnelli Nov 22, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: newline

Copy link
Member Author

@luke-jr luke-jr Nov 22, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

?

@jonasschnelli
Copy link
Contributor

jonasschnelli commented Nov 22, 2016

Tested a bit.
Needs coverage for importmulti now.

luke-jr added a commit to bitcoinknots/bitcoin that referenced this pull request Dec 21, 2016
@luke-jr
GUI/RPCConsole: Include importmulti in history sensitive-command filter
19321e1 
Github-Pull: bitcoin#8877
Rebased-From: 5c7fc2237aa68675858ae17a5b825140f72487da
jonasschnelli and others added 11 commits December 29, 2016 11:43
@jonasschnelli @luke-jr
Qt/RPCConsole: Save current command entry when browsing history
fc95daa 
Shell-like, but doesn't store changed history commands until executing it.
@jonasschnelli @luke-jr
Qt/RPCConsole: Don't store commands with potentially sensitive inform…
9044908 
…ation in the history

Filters importprivkey, signrawtransaction, walletpassphrase, walletpassphrasechange, and encryptwallet
@luke-jr
Bugfix: Do not add sensitive information to history for real
de8980d 
Original code was missing braces, and short-circuited before checking everything after importprivkey
@luke-jr
Qt/RPCConsole: Refactor command_may_contain_sensitive_data function o…
afde12f 
…ut of RPCConsole::on_lineEdit_returnPressed
@luke-jr
Qt/RPCConsole: Add signmessagewithprivkey to list of commands filtere…
d80a006 
…d from history
@luke-jr
Qt/RPCConsole: Truncate filtered commands to just the command name, r…
1755c04 
…ather than skip it entirely in history
@luke-jr
Qt/RPCConsole: Make it possible to parse a command without executing it
e2d9213
@luke-jr
Qt/RPCConsole: Teach RPCParseCommandLine how to filter out arguments …
629cd42 
…to sensitive commands
@luke-jr
Qt/Test: Make sure filtering sensitive data works correctly in nested…
a79598d 
… commands
@luke-jr
Qt/RPCConsole: Use RPCParseCommandLine to perform command filtering
ff77faf
@luke-jr
GUI/RPCConsole: Include importmulti in history sensitive-command filter
8562792
@luke-jr luke-jr force-pushed the qt_console_history_filter branch from 5c7fc22 to 8562792 Compare December 29, 2016 11:49
@jonasschnelli
Copy link
Contributor

jonasschnelli commented Jan 3, 2017

Looks good. Squash/combine some commits?

@luke-jr
Copy link
Member Author

luke-jr commented Jan 3, 2017

Rather not squash... They look reasonably logical progression, and squashing is a bad practice anyway.

@jonasschnelli
Copy link
Contributor

jonasschnelli commented Jan 3, 2017

Tested ACK 8562792

1 similar comment
@btcdrak
Copy link
Contributor

btcdrak commented Jan 3, 2017

Tested ACK 8562792

@jonasschnelli jonasschnelli merged commit 8562792 into bitcoin:master Jan 3, 2017
jonasschnelli added a commit that referenced this pull request Jan 3, 2017
@jonasschnelli
Merge #8877: Qt RPC console: history sensitive-data filter, and savin…
6dc4c43 
…g input line when browsing history

8562792 GUI/RPCConsole: Include importmulti in history sensitive-command filter (Luke Dashjr)
ff77faf Qt/RPCConsole: Use RPCParseCommandLine to perform command filtering (Luke Dashjr)
a79598d Qt/Test: Make sure filtering sensitive data works correctly in nested commands (Luke Dashjr)
629cd42 Qt/RPCConsole: Teach RPCParseCommandLine how to filter out arguments to sensitive commands (Luke Dashjr)
e2d9213 Qt/RPCConsole: Make it possible to parse a command without executing it (Luke Dashjr)
1755c04 Qt/RPCConsole: Truncate filtered commands to just the command name, rather than skip it entirely in history (Luke Dashjr)
d80a006 Qt/RPCConsole: Add signmessagewithprivkey to list of commands filtered from history (Luke Dashjr)
afde12f Qt/RPCConsole: Refactor command_may_contain_sensitive_data function out of RPCConsole::on_lineEdit_returnPressed (Luke Dashjr)
de8980d Bugfix: Do not add sensitive information to history for real (Luke Dashjr)
9044908 Qt/RPCConsole: Don't store commands with potentially sensitive information in the history (Jonas Schnelli)
fc95daa Qt/RPCConsole: Save current command entry when browsing history (Jonas Schnelli)
@paveljanik
Copy link
Contributor

paveljanik commented Jan 3, 2017
edited
Loading

Wshadow statistics:
1 qt/rpcconsole.cpp:173:56: warning: declaration shadows a local variable [-Wshadow]

qt/rpcconsole.cpp:173:56: warning: declaration shadows a local variable [-Wshadow]
    auto add_to_current_stack = [&](const std::string& curarg) {
                                                       ^
qt/rpcconsole.cpp:167:17: note: previous declaration is here
    std::string curarg;
                ^
1 warning generated.

@luke-jr
Copy link
Member Author

luke-jr commented Jan 4, 2017

@paveljanik That looks like a bug in the compiler?

@paveljanik
Copy link
Contributor

paveljanik commented Jan 5, 2017

Why do you think so? It is clear that curarg inside the block shadows curarg outside.

@jonasschnelli
Copy link
Contributor

jonasschnelli commented Jan 5, 2017

@paveljanik: Maybe write a fix PR?

@luke-jr
Copy link
Member Author

luke-jr commented Jan 5, 2017

@paveljanik It's a different scope, and lambda functions do not inherit the scope of the calling function beyond what you tell it to.

@sipa
Copy link
Member

sipa commented Jan 5, 2017

@luke-jr Not by default, but your lambda has capture list [&], which means it does capture everything.

@luke-jr
Copy link
Member Author

luke-jr commented Jan 6, 2017

I thought [&] was only supposed to capture stuff actually referenced?

@sipa
Copy link
Member

sipa commented Jan 6, 2017

@luke-jr Well, yes. But if -Wshadow wants to catch potential errors resulting from variables being identically named, it should absolutely catch this.

@paveljanik
Copy link
Contributor

paveljanik commented Jan 9, 2017

@luke-jr What name do you want me to use inside lambda instead of curarg? strArg?

@luke-jr
Copy link
Member Author

luke-jr commented Jan 9, 2017

Sure

@paveljanik paveljanik mentioned this pull request Jan 9, 2017
Merged
@jonasschnelli jonasschnelli mentioned this pull request Jan 10, 2017
Closed
18 tasks
codablock pushed a commit to codablock/dash that referenced this pull request Jan 18, 2018
@jonasschnelli @codablock
Merge bitcoin#8877: Qt RPC console: history sensitive-data filter, an…
1d83352 
…d saving input line when browsing history

8562792 GUI/RPCConsole: Include importmulti in history sensitive-command filter (Luke Dashjr)
ff77faf Qt/RPCConsole: Use RPCParseCommandLine to perform command filtering (Luke Dashjr)
a79598d Qt/Test: Make sure filtering sensitive data works correctly in nested commands (Luke Dashjr)
629cd42 Qt/RPCConsole: Teach RPCParseCommandLine how to filter out arguments to sensitive commands (Luke Dashjr)
e2d9213 Qt/RPCConsole: Make it possible to parse a command without executing it (Luke Dashjr)
1755c04 Qt/RPCConsole: Truncate filtered commands to just the command name, rather than skip it entirely in history (Luke Dashjr)
d80a006 Qt/RPCConsole: Add signmessagewithprivkey to list of commands filtered from history (Luke Dashjr)
afde12f Qt/RPCConsole: Refactor command_may_contain_sensitive_data function out of RPCConsole::on_lineEdit_returnPressed (Luke Dashjr)
de8980d Bugfix: Do not add sensitive information to history for real (Luke Dashjr)
9044908 Qt/RPCConsole: Don't store commands with potentially sensitive information in the history (Jonas Schnelli)
fc95daa Qt/RPCConsole: Save current command entry when browsing history (Jonas Schnelli)
andvgal pushed a commit to energicryptocurrency/gen2-energi that referenced this pull request Jan 6, 2019
@jonasschnelli @andvgal
Merge bitcoin#8877: Qt RPC console: history sensitive-data filter, an…
be09450 
…d saving input line when browsing history

8562792 GUI/RPCConsole: Include importmulti in history sensitive-command filter (Luke Dashjr)
ff77faf Qt/RPCConsole: Use RPCParseCommandLine to perform command filtering (Luke Dashjr)
a79598d Qt/Test: Make sure filtering sensitive data works correctly in nested commands (Luke Dashjr)
629cd42 Qt/RPCConsole: Teach RPCParseCommandLine how to filter out arguments to sensitive commands (Luke Dashjr)
e2d9213 Qt/RPCConsole: Make it possible to parse a command without executing it (Luke Dashjr)
1755c04 Qt/RPCConsole: Truncate filtered commands to just the command name, rather than skip it entirely in history (Luke Dashjr)
d80a006 Qt/RPCConsole: Add signmessagewithprivkey to list of commands filtered from history (Luke Dashjr)
afde12f Qt/RPCConsole: Refactor command_may_contain_sensitive_data function out of RPCConsole::on_lineEdit_returnPressed (Luke Dashjr)
de8980d Bugfix: Do not add sensitive information to history for real (Luke Dashjr)
9044908 Qt/RPCConsole: Don't store commands with potentially sensitive information in the history (Jonas Schnelli)
fc95daa Qt/RPCConsole: Save current command entry when browsing history (Jonas Schnelli)
CryptoCentric pushed a commit to absolute-community/absolute that referenced this pull request Feb 26, 2019
@jonasschnelli @CryptoCentric
Merge bitcoin#8877: Qt RPC console: history sensitive-data filter, an
1b53750 
…d saving input line when browsing history

8562792 GUI/RPCConsole: Include importmulti in history sensitive-command filter (Luke Dashjr)
ff77faf Qt/RPCConsole: Use RPCParseCommandLine to perform command filtering (Luke Dashjr)
a79598d Qt/Test: Make sure filtering sensitive data works correctly in nested commands (Luke Dashjr)
629cd42 Qt/RPCConsole: Teach RPCParseCommandLine how to filter out arguments to sensitive commands (Luke Dashjr)
e2d9213 Qt/RPCConsole: Make it possible to parse a command without executing it (Luke Dashjr)
1755c04 Qt/RPCConsole: Truncate filtered commands to just the command name, rather than skip it entirely in history (Luke Dashjr)
d80a006 Qt/RPCConsole: Add signmessagewithprivkey to list of commands filtered from history (Luke Dashjr)
afde12f Qt/RPCConsole: Refactor command_may_contain_sensitive_data function out of RPCConsole::on_lineEdit_returnPressed (Luke Dashjr)
de8980d Bugfix: Do not add sensitive information to history for real (Luke Dashjr)
9044908 Qt/RPCConsole: Don't store commands with potentially sensitive information in the history (Jonas Schnelli)
fc95daa Qt/RPCConsole: Save current command entry when browsing history (Jonas Schnelli)
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@jonasschnelli jonasschnelli jonasschnelli left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

GUI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@luke-jr @laanwj @sipa @achow101 @paveljanik @jonasschnelli @btcdrak @maflcko