I have a script which uses the Perl Expect package to interact with various systems and generates a log file. Under certain conditions the systems will print passwords into the log as the script runs. I would like to avoid having the passwords displayed to the user or printed in the log. I also don't want the passwords to show up in other places, such as a ps -elf.

I don't want to modify the code inside the Perl Expect package, and changing the systems the script talks to is out of the question. If possible, I would like the output to be unbuffered, since the systems it talks to tend to get wedged sometimes and the display is very useful to track down problems, especially if you can see the last line.

I have tried various solutions, but I think there is something simple that I am missing about filtering the output of existing scripts.

My current solution looks like this. It doesn't address the last requirement; the output is line buffered, despite setting autoflush. 

use warnings;
use strict;

my $password = "hide_me";
my $log_file = "test.log";
open STDOUT, "| perl | tee -a $log_file";
select STDOUT;
$| = 1;

print <<_END_FILTER_SCRIPT_;
  use warnings;
  use strict;
  select DATA; \$|=1;
  select STDOUT; \$|=1;
  while (<DATA>) {
      s/\Q$password\E/removed/ig;
      print;
  }
  __DATA__
_END_FILTER_SCRIPT_

print "The password is $password\n";
foreach (qw{Output is unbuffered if these words are printed one at a t
+ime.}) {
        print $_, " ";
        sleep 1;
}
print "\n";
sleep 1;
print "Output is line buffered if this appears one second after the la
+st line.\n";
close STDOUT;

[download]
The output looks like this. The second line is delayed by twelve seconds because autoflush is not working, the words should come out one per second instead. 
The password is removed
Output is unbuffered if these words are printed one at a time.
Output is line buffered if this appears one second after the last line
+.

[download]
This is not supposed to be obfuscated, but I should probably point out that the script printed by the first print statment is going to run in the perl started by open. All of the output to be filtered is in the __DATA__ section of that inner script.


Can anyone point out a better way of doing this (without changing library code like Perl Expect)? "Better" can be any combination of unbuffered, easier to understand, easier to maintain, or already packaged in a library that I missed.

In reply to Filtering passwords from the output of a script by quester

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.