Qt/RPCConsole: Don't store commands with potentially sensitive information in the history

Filters importprivkey, signrawtransaction, walletpassphrase, walletpassphrasechange, and encryptwallet
2015-03-13 21:51:27 +01:00 · 2015-03-13 21:51:27 +01:00 · 9044908636
parent fc95daa97f
commit 9044908636
2 changed files with 29 additions and 9 deletions
--- a/src/qt/rpcconsole.cpp
+++ b/src/qt/rpcconsole.cpp
@ -63,6 +63,14 @@ const struct {
    {NULL, NULL}
 };

+// don't add private key handling cmd's to the history
+const QStringList RPCConsole::historyFilter = QStringList()
+    << "importprivkey"
+    << "signrawtransaction"
+    << "walletpassphrase"
+    << "walletpassphrasechange"
+    << "encryptwallet";
+
 /* Object for executing console RPC commands in a separate thread.
 */
 class RPCExecutor : public QObject
@ -755,15 +763,26 @@ void RPCConsole::on_lineEdit_returnPressed()

        message(CMD_REQUEST, cmd);
        Q_EMIT cmdRequest(cmd);
-        // Remove command, if already in history
-        history.removeOne(cmd);
-        // Append command to history
-        history.append(cmd);
-        // Enforce maximum history size
-        while(history.size() > CONSOLE_HISTORY)
-            history.removeFirst();
-        // Set pointer to end of history
-        historyPtr = history.size();
+
+        bool storeHistory = true;
+        Q_FOREACH(QString unallowedCmd, historyFilter)
+        {
+            if (cmd.trimmed().startsWith(unallowedCmd))
+                storeHistory = false; break;
+        }
+
+        if (storeHistory)
+        {
+            // Remove command, if already in history
+            history.removeOne(cmd);
+            // Append command to history
+            history.append(cmd);
+            // Enforce maximum history size
+            while(history.size() > CONSOLE_HISTORY)
+                history.removeFirst();
+            // Set pointer to end of history
+            historyPtr = history.size();
+        }
        // Scroll console view to end
        scrollToEnd();
    }
--- a/src/qt/rpcconsole.h
+++ b/src/qt/rpcconsole.h
@ -140,6 +140,7 @@ private:
    ClientModel *clientModel;
    QStringList history;
    int historyPtr;
+    const static QStringList historyFilter;
    QString cmdBeforeBrowsing;
    QList<NodeId> cachedNodeids;
    const PlatformStyle *platformStyle;