Add handling for privileged exec mode (#284)

This ensures that passwords are not written into history by not running the `enable` command when already in privileged exec mode. Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
inspec · Apr 18, 2018 · 503f3f3 · 503f3f3
1 parent de3ec80
commit 503f3f3
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/lib/train/transports/cisco_ios_connection.rb b/lib/train/transports/cisco_ios_connection.rb
@@ -45,7 +45,11 @@ def session
 
       # Escalate privilege to enable mode if password is given
       if @enable_password
-        run_command_via_connection("enable\r\n#{@enable_password}")
+        # This verifies we are not in privileged exec mode before running the
+        # enable command. Otherwise, the password will be in history.
+        if run_command_via_connection('show privilege').stdout.split[-1] != '15'
+          run_command_via_connection("enable\r\n#{@enable_password}")
+        end
       end
 
       # Prevent `--MORE--` by removing terminal length limit