More anonymization of unhanded exception data

2025-12-06 12:41:30 +00:00 · 2014-11-02 10:55:38 +01:00
parent baf9ada28d
commit a4d058d70c
2 changed files with 9 additions and 1 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -9,6 +9,7 @@ import codecs
 import contextlib
 import cookielib
 import copy
+import getpass
 import hashlib
 import httplib
 import inspect
@@ -2845,7 +2846,7 @@ def unhandledExceptionMessage():
    errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None))
    errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())

-    return maskSensitiveData(errMsg)
+    return errMsg

 def createGithubIssue(errMsg, excMsg):
    """
@@ -2896,6 +2897,9 @@ def maskSensitiveData(msg):
            value = extractRegexResult(regex, retVal)
            retVal = retVal.replace(value, '*' * len(value))

+    if getpass.getuser():
+        retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), "*" * len(getpass.getuser()), retVal)
+
    return retVal

 def listToStrValue(value):