From 5027a961ab0502af82514ab29a042cae1e7ec0c4 Mon Sep 17 00:00:00 2001
From: Lenard Hess
Date: Sun, 26 Feb 2023 18:54:19 +0100
Subject: [PATCH 1/2] Changed password config regex

The password regex searches for password assignments, extracts the password and replaces it with a dummy value to prevent it being logged. This change adjusts the password regex to no longer accept trailing characters behind the password string
---
 ddclient.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ddclient.in b/ddclient.in
index f6487e6..776e5d0 100755
--- a/ddclient.in
+++ b/ddclient.in
@@ -1614,7 +1614,7 @@ sub _read_config {
 $content .= "$_\n" unless /^#/;
 ## parsing passwords is special
- if (/^([^#]*\s)?([^#]*?password\S*?)\s*=\s*('.*'|[^']\S*)(.*)/) {
+ if (/^([^#]*\s)?([^#]*?password)\s*=\s*('.*'|[^']\S*)(.*)/) {
 my ($head, $key, $value, $tail) = ($1 // '', $2, $3, $4);
 $value = $1 if $value =~ /^'(.*)'$/;
 $passwords{$key} = $value;

From f931b0b8860976418eef7372d7cda1f61ab5e000 Mon Sep 17 00:00:00 2001
From: Lenard Hess
Date: Tue, 21 Mar 2023 22:59:25 +0100
Subject: [PATCH 2/2] Implemented _env suffix for configuration

With this change, any config value may be set through an environment variable by appending '_env' to the keyword (i.e. 'password_env' instead of 'password') and setting the value to the name of the environment variable that contains the actual configuration value. This allows keeping sensitive info (i.e. login and password) out of the configuration file. Example configuration snippet:
protocol=namecheap, \
server=dynamicdns.park-your-domain.com, \
login_env=DD_LOGIN, \
password_env=DD_PASSWORD \
@
With this configuration snippet, ddclient will use the contents of DD_LOGIN as the login value and the contents of DD_PASSWORD as the password value. These can in turn be supplied via the command line, .env files or any other mechanism to safeguard sensitive information.
---
 ddclient.in | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
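Review bot: The `## parsing passwords is special` comment above the changed `if` in the `@@ -1614,7 +1614,7 @@` hunk of patch 1/2 does not record the new constraint: the pattern now captures a key only when it ends in `password` directly before `=`, and the reason is given only in the commit message. A comment next to the regex such as `## only keys ending in 'password' are captured; suffixed keys (e.g. password_env) are not` would keep a later edit from widening the pattern again. A value assigned to any suffixed key is now left out of `%passwords`, so the dummy-value replacement the description mentions would presumably no longer apply to it; it is worth confirming that no supported keyword depended on the old `\S*?` tail. `_read_config` starts and ends outside the hunk.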
diff --git a/ddclient.in b/ddclient.in
index 776e5d0..899b674 100755
--- a/ddclient.in
+++ b/ddclient.in
@@ -1645,6 +1645,25 @@ sub _read_config {
 ## verify that keywords are valid...and check the value
 foreach my $k (keys %locals) {
+ # Handle '_env' keyword suffix
+ if ($k =~ /(.*)_env$/)
+ {
+ debug("Loading value for $1 from environment variable $locals{$k}.");
+ if (exists($ENV{$locals{$k}}))
+ {
+ # Set the value to the value of the environment variable
+ $locals{$1} = $ENV{$locals{$k}};
+ # Remove the '_env' suffix from the key
+ $k = $1;
+ }
+ else
+ {
+ warning("Environment variable '$locals{$k}' not set for keyword '$k' (ignored)");
+ delete $locals{$k};
+ next;
+ }
+ }
+ $locals{$k} = $passwords{$k} if defined $passwords{$k};
 if (!exists $variables{'merged'}{$k}) {
 warning("unrecognized keyword '%s' (ignored)", $k);
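Review bot: The new `debug(...)` and `warning(...)` calls in the `_env` branch interpolate `$locals{$k}`, a value taken from the configuration file, into their first argument, while the existing `warning("unrecognized keyword '%s' (ignored)", $k)` line suggests these helpers treat that argument as a printf-style format. A `%` in the configured variable name would then be parsed as a conversion, so the values are better passed as arguments: `debug("Loading value for %s from environment variable %s.", $1, $locals{$k});` and `warning("Environment variable '%s' not set for keyword '%s' (ignored)", $locals{$k}, $k);`. Separately, the success path leaves the `*_env` key in `%locals` (only the failure path deletes it), and the `$locals{$k} = $passwords{$k} if defined $passwords{$k};` line that follows the block appears to overwrite the environment value whenever the file also sets the plain keyword, so the intended precedence should be stated in a comment. The `foreach` body continues outside the hunk.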