qt: Comment out sensitive commands in history to prevent re-execution

Author: waketraindev

src/qt/rpcconsole.cpp

@@ -96,6 +96,7 @@ public Q_SLOTS:
 
 Q_SIGNALS:
     void reply(int category, const QString &command);
+    void noop();
 
 private:
     interfaces::Node& m_node;
@@ -361,6 +362,8 @@ bool RPCConsole::RPCParseCommandLine(interfaces::Node* node, std::string &strRes
         for (auto i = filter_ranges.rbegin(); i != filter_ranges.rend(); ++i) {
             pstrFilteredOut->replace(i->first, i->second - i->first, "(…)");
         }
+        // Prefix "#" to comment out sensitive commands when recalled from history, preventing re-execution
+        if (filter_ranges.size() > 0 && !pstrFilteredOut->starts_with("#")) pstrFilteredOut->insert(0, "#");
     }
     switch(state) // final state
     {
@@ -405,9 +408,16 @@ void RPCExecutor::request(const QString &command, const QString& wallet_name)
                 "   example:    getblock(getblockhash(0) 1)[tx]\n\n"
 
                 "Results without keys can be queried with an integer in brackets using the parenthesized syntax.\n"
-                "   example:    getblock(getblockhash(0),1)[tx][0]\n\n")));
+                "   example:    getblock(getblockhash(0),1)[tx][0]\n\n"
+
+                "Lines starting with '#' are treated as comments and are not executed.\n"
+                "   example:    # Hello world\n\n")));
+            return;
+        } else if (executableCommand.starts_with("#")) {
+            Q_EMIT noop();
             return;
         }
+
         if (!RPCConsole::RPCExecuteCommandLine(m_node, result, executableCommand, nullptr, wallet_name)) {
             Q_EMIT reply(RPCConsole::CMD_ERROR, QString("Parse error: unbalanced ' or \""));
             return;
@@ -1094,6 +1104,12 @@ void RPCConsole::startExecutor()
         m_is_executing = false;
     });
 
+    connect(m_executor, &RPCExecutor::noop, this, [this]() {
+        ui->messagesWidget->undo();
+        scrollToEnd();
+        m_is_executing = false;
+    });
+
     // Make sure executor object is deleted in its own thread
     connect(&thread, &QThread::finished, m_executor, &RPCExecutor::deleteLater);
 

src/qt/test/rpcnestedtests.cpp

@@ -85,18 +85,24 @@ void RPCNestedTests::rpcNestedTests()
     QVERIFY(result == "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b");
     QVERIFY(filtered == "getblock(getbestblockhash())[tx][0]");
 
+    RPCConsole::RPCParseCommandLine(nullptr, result, "createwallet test true", false, &filtered);
+    QVERIFY(filtered == "#createwallet(…)");
+    RPCConsole::RPCParseCommandLine(nullptr, result, "createwalletdescriptor abc", false, &filtered);
+    QVERIFY(filtered == "#createwalletdescriptor(…)");
+    RPCConsole::RPCParseCommandLine(nullptr, result, "migratewallet abc abc", false, &filtered);
+    QVERIFY(filtered == "#migratewallet(…)");
     RPCConsole::RPCParseCommandLine(nullptr, result, "signmessagewithprivkey abc", false, &filtered);
-    QVERIFY(filtered == "signmessagewithprivkey(…)");
+    QVERIFY(filtered == "#signmessagewithprivkey(…)");
     RPCConsole::RPCParseCommandLine(nullptr, result, "signmessagewithprivkey abc,def", false, &filtered);
-    QVERIFY(filtered == "signmessagewithprivkey(…)");
+    QVERIFY(filtered == "#signmessagewithprivkey(…)");
     RPCConsole::RPCParseCommandLine(nullptr, result, "signrawtransactionwithkey(abc)", false, &filtered);
-    QVERIFY(filtered == "signrawtransactionwithkey(…)");
+    QVERIFY(filtered == "#signrawtransactionwithkey(…)");
     RPCConsole::RPCParseCommandLine(nullptr, result, "walletpassphrase(help())", false, &filtered);
-    QVERIFY(filtered == "walletpassphrase(…)");
+    QVERIFY(filtered == "#walletpassphrase(…)");
     RPCConsole::RPCParseCommandLine(nullptr, result, "walletpassphrasechange(help(walletpassphrasechange(abc)))", false, &filtered);
-    QVERIFY(filtered == "walletpassphrasechange(…)");
+    QVERIFY(filtered == "#walletpassphrasechange(…)");
     RPCConsole::RPCParseCommandLine(nullptr, result, "help(encryptwallet(abc, def))", false, &filtered);
-    QVERIFY(filtered == "help(encryptwallet(…))");
+    QVERIFY(filtered == "#help(encryptwallet(…))");
 
     RPCConsole::RPCExecuteCommandLine(m_node, result, "rpcNestedTest");
     QVERIFY(result == "[]");