Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Enhancement] - Sanitize sensitive data from .cli.his #6361

Merged
merged 3 commits into from
May 2, 2024

Conversation

IgorWounds
Copy link
Contributor

@IgorWounds IgorWounds commented May 2, 2024

  1. Why? (1-3 sentences or a bullet point list):

    • The command history was saved locally with the login details not sanitized which could result in a security issue.
  2. What? (1-3 sentences or a bullet point list):

    • Introduces sanitization to protected keywords email, password and pat.
    • The user can still use the upper arrow key to get his command unsanitized while the session is still lasting. After restarting the CLI, it can't be grabbed anymore in an unsanitized form.
    • Fix long command names not showing providers
  3. Impact (1-2 sentences or a bullet point list):

    • Higher security.
  4. Testing Done:

    • Ensured it works by calling the login command and checking the local file.

@IgorWounds IgorWounds added enhancement Enhancement security P0 cli OpenBB Platform CLI labels May 2, 2024
@montezdesousa montezdesousa enabled auto-merge May 2, 2024 11:20
@montezdesousa montezdesousa added this pull request to the merge queue May 2, 2024
Merged via the queue into develop with commit 18115e4 May 2, 2024
11 of 12 checks passed
@piiq piiq deleted the feature/sanitize-history branch May 7, 2024 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cli OpenBB Platform CLI enhancement Enhancement P0 security
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants