Add option to disable cqlsh history

We can disable saving of the history either via command-line parameter --disable-history, or by setting disabled = True in the history section of the cqlshrc. Both options will read existing history, and just won't save new commands.

Update help and docs for cqlsh history.
Add startup info logline whenr history logging is enabled.
Add a fix for cqlshrc file path not correctly expanding.

patch by Ekaterina Dimitrova; reviewed by Mick Semb Wever for CASSANDRA-XXX

Co-authored-by: Alex Ott alex.ott@datastax.com
Co-authored-by: Jaroslaw Grabowski jaroslaw.grabowski@datastax.com

Author: ekaterinadimitrova2

conf/cqlshrc.sample

@@ -104,6 +104,15 @@ port = 9042
 ; max_trace_wait = 10.0
 
 
+[history]
+;; Controls whether command history is saved to ~/.cassandra/cqlsh_history
+;; When disabled, existing history will still be loaded but new commands
+;; will not be saved. This can be useful for security purposes to prevent
+;; sensitive commands (e.g., those containing passwords) from being persisted.
+;; This can also be controlled via the --disable-history command line option.
+; disabled = false
+
+
 ;[ssl]
 ; certfile = ~/keys/cassandra.cert
 

doc/modules/cassandra/pages/managing/tools/cqlsh.adoc

@@ -57,8 +57,8 @@ Example config values and documentation can be found in the
 [[cql_history]]
 == cql history
 
-All CQL commands you execute are written to a history file. By default, CQL history will be written to `~/.cassandra/cql_history`. You can change this default by setting the environment variable `CQL_HISTORY` like `~/some/other/path/to/cqlsh_history` where `cqlsh_history` is a file. All parent directories to history file will be created if they do not exist. If you do not want to persist history, you can do so by setting CQL_HISTORY to /dev/null.
-This feature is supported from Cassandra 4.1.
+All CQL commands you execute are written to a history file. By default, CQL history will be written to `~/.cassandra/cql_history`.
+You can change this default by setting the environment variable `CQL_HISTORY` like `~/some/other/path/to/cqlsh_history` where `cqlsh_history` is a file. All parent directories to history file will be created if they do not exist. If you do not want to persist history, you can do so by setting CQL_HISTORY to `/dev/null`. This can also be controlled via the --disable-history command line option or from the cqlshrc file. Disabling history is supported since Cassandra 4.0.
 
 == Command Line Options
 

pylib/cqlshlib/cqlshmain.py

@@ -25,6 +25,7 @@
 import sys
 import time
 import traceback
+from typing import Any
 import warnings
 import webbrowser
 from contextlib import contextmanager
@@ -93,7 +94,6 @@
 
 # BEGIN history config
 
-
 def mkdirp(path):
     """Creates all parent directories up to path parameter or fails when path exists, but it is not a directory."""
 
@@ -120,6 +120,16 @@ def resolve_cql_history_file():
 except OSError:
     print('\nWarning: Cannot create directory at `%s`. Command history will not be saved. Please check what was the environment property CQL_HISTORY set to.\n' % HISTORY_DIR)
 
+OLD_HISTORY = os.path.expanduser(os.path.join('~', '.cqlsh_history'))
+if os.path.exists(OLD_HISTORY):
+    if os.path.exists(HISTORY):
+        print('\nWarning: .cqlsh_history files were found at both the old location ({0})'
+            + ' and the new location ({1}), the old file will not be migrated to the new'
+            + ' location, and the new location will be used for now.  You should manually'
+            + ' consolidate these files at the new location, and remove the old file.'
+            .format(OLD_HISTORY, HISTORY))
+    else:
+        os.rename(OLD_HISTORY, HISTORY)
 
 # END history config
 
@@ -272,7 +282,8 @@ def __init__(self, hostname, port, config_file, color=False,
                  protocol_version=None,
                  connect_timeout=DEFAULT_CONNECT_TIMEOUT_SECONDS,
                  is_subshell=False,
-                 auth_provider=None):
+                 auth_provider=None,
+                 disable_history=False):
         cmd.Cmd.__init__(self, completekey=completekey)
         self.hostname = hostname
         self.port = port
@@ -357,6 +368,14 @@ def __init__(self, hostname, port, config_file, color=False,
             self.reset_prompt()
             self.report_connection()
             print('Use HELP for help.')
+            # Inform users about history logging if not disabled
+            if not disable_history and readline is not None:
+                print()
+                print("ATTENTION: All commands will be saved to history file: %s" % HISTORY)
+                print("This may include sensitive information such as passwords.")
+                print("To disable history, use --disable-history or set 'disabled = true' in the [history] section of cqlshrc.")
+                print("See https://cassandra.apache.org/doc/latest/tools/cqlsh.html for more information.")
+                print()
         else:
             self.show_line_nums = True
         self.stdin = stdin
@@ -1896,8 +1915,8 @@ def init_history(self):
             delims += '.'
             readline.set_completer_delims(delims)
 
-    def save_history(self):
-        if readline is not None:
+    def save_history(self, history_disabled=False):
+        if readline is not None and not history_disabled:
             try:
                 readline.write_history_file(HISTORY)
             except IOError:
@@ -2037,7 +2056,7 @@ def read_options(cmdlineargs, parser, config_file, cql_dir, environment=os.envir
     argvalues.request_timeout = option_with_default(configs.getint, 'connection', 'request_timeout', Shell.DEFAULT_REQUEST_TIMEOUT_SECONDS)
     argvalues.execute = None
     argvalues.insecure_password_without_warning = False
-
+    argvalues.disable_history = option_with_default(configs.getboolean, 'history', 'disabled', False)
     options, arguments = parser.parse_known_args(cmdlineargs, argvalues)
 
     # Credentials from cqlshrc will be expanded,
@@ -2208,6 +2227,8 @@ def main(cmdline, pkgpath):
                         help='Specify the default request timeout in seconds (default: %(default)s seconds).')
     parser.add_argument("-t", "--tty", action='store_true', dest='tty',
                         help='Force tty mode (command prompt).')
+    parser.add_argument('--disable-history', default=False, action='store_true',
+                        help='Disable saving of history (existing history will still be loaded)')
 
     # This is a hidden option to suppress the warning when the -p/--password command line option is used.
     # Power users may use this option if they know no other people has access to the system where cqlsh is run or don't care about security.
@@ -2233,6 +2254,18 @@ def main(cmdline, pkgpath):
         config_file = default_cqlshrc
 
     cql_dir = os.path.dirname(config_file)
+
+    old_config_file = os.path.expanduser(os.path.join('~', '.cqlshrc'))
+    if os.path.exists(old_config_file):
+        if os.path.exists(config_file):
+            print('\nWarning: cqlshrc config files were found at both the old location ({0})'
+                + ' and the new location ({1}), the old config file will not be migrated to the new'
+                + ' location, and the new location will be used for now.  You should manually'
+                + ' consolidate the config files at the new location and remove the old file.'
+                .format(old_config_file, config_file))
+        else:
+            os.rename(old_config_file, config_file)
+
     (options, hostname, port) = read_options(cmdline, parser, config_file, cql_dir)
 
     docspath = get_docspath(pkgpath)
@@ -2332,7 +2365,8 @@ def main(cmdline, pkgpath):
                           config_file=config_file,
                           cred_file=options.credentials,
                           username=options.username,
-                          password=options.password))
+                          password=options.password),
+                      disable_history=options.disable_history)
     except KeyboardInterrupt:
         sys.exit('Connection aborted.')
     except CQL_ERRORS as e:
@@ -2353,7 +2387,7 @@ def handle_sighup():
 
     shell.init_history()
     shell.cmdloop()
-    shell.save_history()
+    shell.save_history(options.disable_history)
 
     if shell.batch_mode and shell.statement_error:
         sys.exit(2)