
Bug 1578: Mask out passwords in raw settings (proxy and tunnel) when logging command-line

https://winscp.net/tracker/1578

Source commit: c3fbb031aa0ebf890cb5d97454ff20c87652cb78
Martin Prikryl 8 年之前
父節點
當前提交
7e8d9b08da
共有 3 個文件被更改,包括 51 次插入4 次删除
  1. 16 1
      source/core/Script.cpp
  2. 33 3
      source/core/SessionData.cpp
  3. 2 0
      source/core/SessionData.h

+ 16 - 1
source/core/Script.cpp

@@ -2463,6 +2463,7 @@ void __fastcall TManagementScript::MaskPasswordInCommandLine(UnicodeString & Com
   UnicodeString RawParam;
   UnicodeString Separator;
   UnicodeString Separator2;
+  UnicodeString OptionWithParameters;
   bool AnyMaskedParam = false;
 
   TOptions Options;
@@ -2486,17 +2487,31 @@ void __fastcall TManagementScript::MaskPasswordInCommandLine(UnicodeString & Com
       wchar_t SwitchMark;
       if (Options.WasSwitchAdded(Switch, SwitchMark))
       {
+        OptionWithParameters = L"";
         if (TSessionData::IsSensitiveOption(Switch))
         {
           // We should use something like TProgramParams::FormatSwitch here
-          RawParam = FORMAT(L"%s%s=***", (SwitchMark, Switch));
+          RawParam = FORMAT(L"%s%s=%s", (SwitchMark, Switch, PasswordMask));
           AnyMaskedParam = true;
         }
+        else if (TSessionData::IsOptionWithParameters(Switch))
+        {
+          OptionWithParameters = Switch;
+        }
 
         SubCommands = SameText(Switch, COMMAND_SWITCH);
       }
       else
       {
+        if (!OptionWithParameters.IsEmpty())
+        {
+          if (TSessionData::MaskPasswordInOptionParameter(OptionWithParameters, Param))
+          {
+            RawParam = Param;
+            AnyMaskedParam = true;
+          }
+        }
+
         if (Recurse && SubCommands)
         {
           UnicodeString Cmd2 = Param;
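Review bot: The new `OptionWithParameters` state has no comment explaining its lifetime: it is set when a switch such as `-rawsettings` is seen, and every following non-switch parameter is passed to `MaskPasswordInOptionParameter` until the next switch clears it at `OptionWithParameters = L"";`. Since this loop decides what reaches the log unmasked, I would document that above the reset, for example `// Remember the last switch that takes key=value parameters, so the parameters following it can be masked`. The assignment `RawParam = Param;` also replaces the raw token with the parsed one, which is worth a short comment because it relies on the masked `Key=mask` text needing no quoting. The body of `MaskPasswordInCommandLine` starts and ends outside this hunk, so the handling of `RawParam` afterwards is not visible here.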

+ 33 - 3
source/core/SessionData.cpp

@@ -65,6 +65,7 @@ const wchar_t UrlParamValueSeparator = L'=';
 const UnicodeString UrlHostKeyParamName(L"fingerprint");
 const UnicodeString UrlSaveParamName(L"save");
 const UnicodeString PassphraseOption(L"passphrase");
+const UnicodeString RawSettingsOption(L"rawsettings");
 const UnicodeString S3HostName(S3LibDefaultHostName());
 //---------------------------------------------------------------------
 TDateTime __fastcall SecToDateTime(int Sec)
@@ -1622,6 +1623,35 @@ bool __fastcall TSessionData::IsSensitiveOption(const UnicodeString & Option)
     SameText(Option, NEWPASSWORD_SWITCH);
 }
 //---------------------------------------------------------------------
+bool __fastcall TSessionData::IsOptionWithParameters(const UnicodeString & Option)
+{
+  return SameText(Option, RawSettingsOption);
+}
+//---------------------------------------------------------------------
+bool __fastcall TSessionData::MaskPasswordInOptionParameter(const UnicodeString & Option, UnicodeString & Param)
+{
+  bool Result = false;
+  if (SameText(Option, RawSettingsOption))
+  {
+    int P = Param.Pos(L"=");
+    if (P > 0)
+    {
+      // TStrings.IndexOfName does not trim
+      UnicodeString Key = Param.SubString(1, P - 1);
+
+      if (SameText(Key, L"ProxyPassword") ||
+          SameText(Key, L"ProxyPasswordEnc") ||
+          SameText(Key, L"TunnelPassword") ||
+          SameText(Key, L"TunnelPasswordPlain"))
+      {
+        Param = Key + L"=" + PasswordMask;
+        Result = true;
+      }
+    }
+  }
+  return Result;
+}
+//---------------------------------------------------------------------
 bool __fastcall TSessionData::ParseUrl(UnicodeString Url, TOptions * Options,
   TStoredSessionList * StoredSessions, bool & DefaultsOnly, UnicodeString * FileName,
   bool * AProtocolDefined, UnicodeString * MaskedUrl)
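Review bot: The key check in `MaskPasswordInOptionParameter` is a hard-coded list of four names (`ProxyPassword`, `ProxyPasswordEnc`, `TunnelPassword`, `TunnelPasswordPlain`), so masking fails open: any other secret-bearing raw setting would still be written to the log in clear text. Whether `ApplyRawSettings` accepts further credential-like keys is not visible in this hunk, so the list should be checked against the loader. At minimum I would add a comment above the `SameText` chain such as `// Keep in sync with the password-like keys read by ApplyRawSettings`. A short doc comment would also help, stating that `Param` is rewritten in place to `Key=<mask>` and that the return value reports whether masking took place. The same comment could go on the declaration in SessionData.h.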
@@ -1998,7 +2028,7 @@ bool __fastcall TSessionData::ParseUrl(UnicodeString Url, TOptions * Options,
         PortNumber = FtpPortNumber;
       }
     }
-    if (Options->FindSwitch(L"rawsettings"))
+    if (Options->FindSwitch(RawSettingsOption))
     {
       TStrings * RawSettings = NULL;
       TOptionsStorage * OptionsStorage = NULL;
@@ -2006,7 +2036,7 @@ bool __fastcall TSessionData::ParseUrl(UnicodeString Url, TOptions * Options,
       {
         RawSettings = new TStringList();
 
-        if (Options->FindSwitch(L"rawsettings", RawSettings))
+        if (Options->FindSwitch(RawSettingsOption, RawSettings))
         {
           OptionsStorage = new TOptionsStorage(RawSettings, false);
           ApplyRawSettings(OptionsStorage);
@@ -2974,7 +3004,7 @@ UnicodeString __fastcall TSessionData::GenerateOpenCommandArgs(bool Rtf)
 
   if (RawSettings->Count > 0)
   {
-    AddSwitch(Result, L"rawsettings", Rtf);
+    AddSwitch(Result, RawSettingsOption, Rtf);
 
     for (int Index = 0; Index < RawSettings->Count; Index++)
     {

+ 2 - 0
source/core/SessionData.h

@@ -483,6 +483,8 @@ public:
   static UnicodeString __fastcall ExtractFolderName(const UnicodeString & Name);
   static UnicodeString __fastcall ComposePath(const UnicodeString & Path, const UnicodeString & Name);
   static bool __fastcall IsSensitiveOption(const UnicodeString & Option);
+  static bool __fastcall IsOptionWithParameters(const UnicodeString & Option);
+  static bool __fastcall MaskPasswordInOptionParameter(const UnicodeString & Option, UnicodeString & Param);
   static UnicodeString __fastcall FormatSiteKey(const UnicodeString & HostName, int PortNumber);
 
   __property UnicodeString HostName  = { read=FHostName, write=SetHostName };