intentionet / netconan

netconan - a Network Configuration Anonymizer
Apache License 2.0

Anonymizer could do better detecting nested passwords #61

Closed dhalperi closed 6 years ago

dhalperi commented 6 years ago

  set community \"<snmp community>\"
  key <key>
  tacacs-server host <ip> key 7 \"key\"

dhalperi commented 6 years ago

In its native habitat:

  "somehost": {
    "Red flags": {
      "1": "MISCELLANEOUS: Unrecognized Line: 378: set community \"FOO\" SUBSEQUENT LINES MAY NOT BE PROCESSED CORRECTLY",
      "2": "MISCELLANEOUS: Unrecognized Line: 379: key \"bar\" SUBSEQUENT LINES MAY NOT BE PROCESSED CORRECTLY",
      "3": "MISCELLANEOUS: Unrecognized Line: 380: tacacs-server 1.2.3.4 key 7 \"key\" SUBSEQUENT LINES MAY NOT BE PROCESSED CORRECTLY",
    }

dhalperi commented 6 years ago

This is obviously a bit of a slippery slope -- there's no obvious reason that we can anonymize arbitrarily-transformed strings (e.g., if we base64-encode the file there's no hope). But this particular case might be solvable, and we should decide if it's in scope.
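
An added example, not netconan's code and not part of the thread: one way to match the line shapes reported above whether the quotes around the secret are plain, backslash-escaped (config text embedded in a JSON string), or absent. The two regexes, the `anon_` token format and the salt value are assumptions made for illustration.

```python
import hashlib
import re

# Opening quote: backslash-escaped (config nested in a JSON string), plain, or absent.
QUOTE = r'(?P<q>\\?"|)'
SECRET = r'(?P<secret>[^\s"\\]+)'
# Assumed patterns for the line shapes in this issue; not netconan's rule set.
# The "key" rule also covers "tacacs-server host <ip> key 7 ..." lines.
RULES = [
    re.compile(r'(?P<pre>\bset community\s+)' + QUOTE + SECRET + r'(?P=q)'),
    re.compile(r'(?P<pre>\bkey\s+(?:\d+\s+)?)' + QUOTE + SECRET + r'(?P=q)'),
]


def pseudonym(secret, salt):
    """Deterministic replacement so the same secret maps to the same token."""
    digest = hashlib.sha256((salt + secret).encode()).hexdigest()
    return "anon_" + digest[:10]


def anonymize_line(line, salt):
    """Replace the secret, keeping the keyword and the original quote style."""
    def repl(m):
        q = m.group("q")
        return m.group("pre") + q + pseudonym(m.group("secret"), salt) + q

    for rule in RULES:
        line = rule.sub(repl, line)
    return line


if __name__ == "__main__":
    # Sample lines modelled on the report above; the unescaped variants are constructed.
    samples = [
        r'"1": "... Unrecognized Line: 378: set community \"FOO\" SUBSEQUENT LINES ...",',
        r'"2": "... Unrecognized Line: 379: key \"bar\" SUBSEQUENT LINES ...",',
        r'"3": "... Unrecognized Line: 380: tacacs-server 1.2.3.4 key 7 \"key\" ...",',
        'set community "FOO"',
        'key bar',
    ]
    for s in samples:
        print(anonymize_line(s, salt="constructed-salt"))
```

IP addresses such as the one on the tacacs-server line are left untouched here; only the quoted or bare secret after the keyword is replaced.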