Filter user password from raw FSD message

Everytime a login packet is sent, it contains the password in clear text. This was also written to file log and users might send this file to developers without knowing. The password is now filtered by comparing all FSD messages until the login packet is found.
2026-03-24 07:55:35 +08:00 · 2018-02-13 20:31:17 +01:00
parent 5cc70c2903
commit ff37704a59
2 changed files with 14 additions and 1 deletions
--- a/src/blackcore/vatsim/networkvatlib.cpp
+++ b/src/blackcore/vatsim/networkvatlib.cpp
@@ -454,6 +454,7 @@ namespace BlackCore
            Q_ASSERT_X(isDisconnected(), Q_FUNC_INFO, "Can't connect while still connected");
            if (!m_net) { initializeSession(); }
            this->clearState();
+            m_filterPasswordFromLogin = true;
            QByteArray callsign = toFSD(m_loginMode == LoginAsObserver ?
                                        m_ownCallsign.getAsObserverCallsignString() :
                                        m_ownCallsign.asString());
@@ -1052,7 +1053,18 @@ namespace BlackCore
        void CNetworkVatlib::handleRawFsdMessage(const QString &fsdMessage)
        {
            if (!m_rawFsdMessagesEnabled) { return; }
-            CRawFsdMessage rawFsdMessage(fsdMessage);
+            QString fsdMessageFiltered(fsdMessage);
+            if (m_filterPasswordFromLogin)
+            {
+                if (fsdMessageFiltered.startsWith("FSD Sent=>#AP"))
+                {
+                    thread_local const QRegularExpression re("^(FSD Sent=>#AP\\w+:SERVER:\\d+:)[^:]+(:\\d:\\d+:\\d:.+)$");
+                    fsdMessageFiltered.replace(re, "\\1<password>\\2");
+                    m_filterPasswordFromLogin = false;
+                }
+            }
+
+            CRawFsdMessage rawFsdMessage(fsdMessageFiltered);
            rawFsdMessage.setCurrentUtcTime();
            if (m_rawFsdMessageLogFile.isOpen())
            {
--- a/src/blackcore/vatsim/networkvatlib.h
+++ b/src/blackcore/vatsim/networkvatlib.h
@@ -280,6 +280,7 @@ namespace BlackCore
            BlackMisc::CSettingReadOnly<BlackCore::Vatsim::TRawFsdMessageSetting> m_fsdMessageSetting { this, &CNetworkVatlib::fsdMessageSettingsChanged };
            QFile m_rawFsdMessageLogFile;
            bool m_rawFsdMessagesEnabled = false;
+            bool m_filterPasswordFromLogin = false;
        };
    } //namespace
 } //namespace