intentionet / netconan

netconan - a Network Configuration Anonymizer
Apache License 2.0

FortiOS multiline private-keys & certificates are not handled correctly #156

Open ryanmerolle opened 3 years ago

ryanmerolle commented 3 years ago

FortiOS multiline private-keys are not handled correctly. Only the first line is handled.

Private-keys can be found in multiple sections of a config, but as an example:

config vpn certificate local
    edit "fortinet_CA_SSL"
        set password ENC 535456656ghffgfdgfdgf
        set comments "This is the default CA certificate the SSL Inspection....."
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
gfgGFDBFFFfffffffffffffffffffffffffffffffghhgfhhfhghghghgjjghfh
<continues for several lines>
-----END ENCRYPTED PRIVATE KEY-----"
        set certificate "-----BEGIN CERTIFICATE-----
gfgGFDBFFFfffffffffffffffffffffffffffffffghhgfhhfhghghghgjjghfh
<continues for several lines>
-----END CERTIFICATE-----"
    next
end

ryanmerolle commented 3 years ago

The first line of the private-key is being anonymized, but not the entire key. The certificate is not being anonymized.
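
The failure mode reported above, as an added example that is not netconan's code: a hypothetical line-at-a-time rule next to a multiline-aware pattern, both run on a constructed FortiOS snippet. The regexes, function names and the `<REMOVED ...>` placeholder are assumptions made for illustration.

```python
import re

# Constructed sample shaped like the config quoted in the issue (all values fake).
SAMPLE = '''config vpn certificate local
    edit "fortinet_CA_SSL"
        set password ENC 535456656ghffgfdgfdgf
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
AAAAfakekeymaterialline1
AAAAfakekeymaterialline2
-----END ENCRYPTED PRIVATE KEY-----"
        set certificate "-----BEGIN CERTIFICATE-----
BBBBfakecertline1
-----END CERTIFICATE-----"
    next
end
'''

# Hypothetical line-oriented rule (not netconan's regex): it is applied to one
# line at a time, so it can only ever rewrite the opening line of the key.
LINE_RULE = re.compile(r'^(\s*set private-key )".*$')

# Multiline-aware rule: the quoted value runs from the opening quote to the
# closing quote after the END marker; (?P=label) ties END to its BEGIN.
PEM_VALUE = re.compile(
    r'^(?P<head>[ \t]*set (?:private-key|certificate) )'
    r'"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n'
    r'.*?-----END (?P=label)-----"',
    re.DOTALL | re.MULTILINE,
)

def redact_per_line(text):
    """Apply LINE_RULE to each line independently."""
    lines = [LINE_RULE.sub(r'\1"<REMOVED>"', l) for l in text.splitlines()]
    return "\n".join(lines) + "\n"

def redact_multiline(text):
    """Replace every quoted PEM value as one unit, keeping the PEM label."""
    return PEM_VALUE.sub(
        lambda m: f'{m.group("head")}"<REMOVED {m.group("label")}>"', text)

def leaked_lines(text):
    """PEM body or END lines still present (prefixes match the constructed sample)."""
    return [l for l in text.splitlines()
            if l.startswith(("AAAA", "BBBB", "-----END"))]

if __name__ == "__main__":
    print(leaked_lines(redact_per_line(SAMPLE)))   # key and certificate material remain
    print(redact_multiline(SAMPLE))                # both values replaced whole
```

A check like `leaked_lines` is worth running over anonymizer output before a config leaves the organisation, since a rewritten first line can hide the fact that the key body is still present.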