cmdline: warn about redacting suspicious arguments
This foollows on from !3691 (comment 1979641908)
Now samba-tool do-thing --bypass-checks --password secret007
will print a warning if --bypass-checks is not known to be either safe or secret. The hope is the developer adding the option will notice and add it to the appropriate list.
A misspelt --passwrod
will also print the warning in Python tools but not in C tools. That's because the C tools parse argv
before passing it on for redaction, while Python takes a copy of sys.argv
and redacts that before the arguments are parsed. In both cases you should also see --help
like usage advice.
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
(optional) This MR is just one part towards a larger feature. -
(optional, if backport required) Bugzilla bug filed and BUG:
tag added -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated -
CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)
Reviewer's checklist:
-
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code