File _service:tar_scm:remove-password-printing.patch of Package nmap

From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001
From: gaoxingwang <gaoxingwang1@huawei.com>
Date: Tue, 31 Jan 2023 16:47:32 +0800
Subject: [PATCH] remove password printing

diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse
index ad3fca0..b33c366 100644
--- a/scripts/broadcast-ospf2-discover.nse
+++ b/scripts/broadcast-ospf2-discover.nse
@@ -124,7 +124,7 @@ local ospfDumpHello = function(hello)
   stdnse.print_debug(2, "| Checksum:          %s", hello.header.chksum)
   stdnse.print_debug(2, "| Auth Type:         %s", hello.header.auth_type)
   if hello.header.auth_type == 0x01 then
-    stdnse.print_debug(2, "| Auth Password:     %s", hello.header.auth_data.password)
+    -- stdnse.print_debug(2, "| Auth Password:     %s", hello.header.auth_data.password)
   elseif hello.header.auth_type == 0x02 then
     stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid)
     stdnse.print_debug(2, "| Auth Data Length:  %s", hello.header.auth_data.length)
diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse
index 8363c65..c2dd124 100644
--- a/scripts/cassandra-brute.nse
+++ b/scripts/cassandra-brute.nse
@@ -54,21 +54,21 @@ Driver = {
     local status, err = self.socket:send(string.pack(">I4", #loginstr))
     local combo = username..":"..password
     if ( not(status) ) then
-      local err = brute.Error:new( "couldn't send length:"..combo )
+      local err = brute.Error:new( "couldn't send length:" )
       err:setAbort( true )
       return false, err
     end
 
     status, err = self.socket:send(loginstr)
     if ( not(status) ) then
-      local err = brute.Error:new( "couldn't send login packet: "..combo )
+      local err = brute.Error:new( "couldn't send login packet: " )
       err:setAbort( true )
       return false, err
     end
 
     local status, response = self.socket:receive_bytes(22)
     if ( not(status) ) then
-      local err = brute.Error:new( "couldn't receive login reply size: "..combo )
+      local err = brute.Error:new( "couldn't receive login reply size: " )
       err:setAbort( true )
       return false, err
     end
@@ -78,16 +78,16 @@ Driver = {
     magic = string.sub(response,18,22)
 
     if (magic == cassandra.LOGINSUCC) then
-      stdnse.debug3("Account SUCCESS: "..combo)
+      stdnse.debug3("Account SUCCESS: ")
       return true, creds.Account:new(username, password, creds.State.VALID)
     elseif (magic == cassandra.LOGINFAIL) then
-      stdnse.debug3("Account FAIL: "..combo)
+      stdnse.debug3("Account FAIL: ")
       return false, brute.Error:new( "Incorrect password" )
     elseif (magic == cassandra.LOGINACC) then
-      stdnse.debug3("Account VALID, but wrong password: "..combo)
+      stdnse.debug3("Account VALID, but wrong password: ")
       return false, brute.Error:new( "Good user, bad password" )
     else
-      stdnse.debug3("Unrecognized packet for "..combo)
+      stdnse.debug3("Unrecognized packet for ")
       stdnse.debug3("packet hex: %s", stdnse.tohex(response) )
       stdnse.debug3("size packet hex: %s", stdnse.tohex(size) )
       stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) )
diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse
index 768813e..559d752 100644
--- a/scripts/cics-user-brute.nse
+++ b/scripts/cics-user-brute.nse
@@ -176,7 +176,7 @@ Driver = {
            self.tn3270:find('TSS7000I')  or
            self.tn3270:find('TSS7110E Password Has Expired. New Password Missing')  or
            self.tn3270:find('TSS7001I')  then
-      stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
+      -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
       return true, creds.Account:new(user, pass, creds.State.VALID)
     else
       -- ok whoa, something happened, print the screen but don't store as valid
diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse
index b239525..085e3a0 100644
--- a/scripts/ldap-brute.nse
+++ b/scripts/ldap-brute.nse
@@ -233,7 +233,7 @@ action = function( host, port )
       -- Login correct, account disabled
       if not status and response:match("AcceptSecurityContext error, data 533,") then
         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) )
-        stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
+        -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
         credTable:add(fq_username,password, creds.State.DISABLED_VALID)
         break
       end
@@ -241,7 +241,7 @@ action = function( host, port )
       -- Login correct, user must change password
       if not status and response:match("AcceptSecurityContext error, data 773,") then
         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>" ) )
-        stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
+        -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
         credTable:add(fq_username,password, creds.State.CHANGEPW)
         break
       end
@@ -249,7 +249,7 @@ action = function( host, port )
       -- Login correct, user account expired
       if not status and response:match("AcceptSecurityContext error, data 701,") then
         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>" ) )
-        stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
+        -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
         credTable:add(fq_username,password, creds.State.EXPIRED)
         break
       end
@@ -257,7 +257,7 @@ action = function( host, port )
       -- Login correct, user account logon time restricted
       if not status and response:match("AcceptSecurityContext error, data 530,") then
         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>" ) )
-        stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
+        -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
         credTable:add(fq_username,password, creds.State.TIME_RESTRICTED)
         break
       end
@@ -265,7 +265,7 @@ action = function( host, port )
       -- Login correct, user account can only log in from certain workstations
       if not status and response:match("AcceptSecurityContext error, data 531,") then
         table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>" ) )
-        stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
+        -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
         credTable:add(fq_username,password, creds.State.HOST_RESTRICTED)
         break
       end
@@ -275,7 +275,7 @@ action = function( host, port )
         status = is_valid_credential( socket, context )
         if status then
           table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>" ) )
-          stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
+          -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
           -- Add credentials for other ldap scripts to use
           if nmap.registry.ldapaccounts == nil then
             nmap.registry.ldapaccounts = {}
diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse
index 5cb29f6..1213906 100644
--- a/scripts/nje-pass-brute.nse
+++ b/scripts/nje-pass-brute.nse
@@ -113,7 +113,7 @@ Driver = {
     -- When we send an 'I' record, if the password is invalid it will reply with a 'B' record
     -- B in EBCDIC is 0xC2
     if data:sub(19,19) ~= "\xc2" then
-      stdnse.verbose(2,"Valid NJE Password: %s", password)
+      -- stdnse.verbose(2,"Valid NJE Password: %s", password)
       return true, creds.Account:new("Password", password, creds.State.VALID)
     end
     return false, brute.Error:new( "Invalid Password" )
diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
index 8a94987..1fb4b0e 100644
--- a/scripts/oracle-brute.nse
+++ b/scripts/oracle-brute.nse
@@ -156,7 +156,7 @@ Driver =
       return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
     -- check for any other message
     elseif ( data:match("ORA[-]%d+")) then
-      stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
+      -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
       return false, brute.Error:new(data)
     -- any other errors are likely communication related, attempt to re-try
     else
diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse
index ff52c0c..2690a13 100644
--- a/scripts/tso-brute.nse
+++ b/scripts/tso-brute.nse
@@ -99,7 +99,7 @@ Driver = {
     local skip = self.options['skip']
     stdnse.debug(2,"Getting to TSO")
     local run = stringaux.strsplit(";%s*", commands)
-    stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
+    -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
     for i = 1, #run do
       stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,run[i])
       if i == #run and run[i]:upper():find("LOGON APPLID") and skip then
@@ -159,7 +159,7 @@ Driver = {
       return false,  brute.Error:new( "User ID not authorized to use TSO" )
     else
       -- It's a valid account so lets try a password
-      stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
+      -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
       if always_logon then
         local writeable = self.tn3270:writeable()
         -- This turns on the 'reconnect' which may boot users off
-- 
2.33.0