From b18cf58c8f607bed64d821fcc856e251a391df6a Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Tue, 3 May 2016 14:45:36 -0400
Subject: Sanitize sensitive data of out config file for the system console (#2849)

---
 api/admin.go      | 12 ++++++++----
 api/admin_test.go | 39 ++++++++++++++++++++++++++++++++-------
 2 files changed, 40 insertions(+), 11 deletions(-)
(limited to 'api')

diff --git a/api/admin.go b/api/admin.go
index 930170619..7ab2c9cfc 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -127,10 +127,11 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	json := utils.Cfg.ToJson()
 	cfg := model.ConfigFromJson(strings.NewReader(json))
-	json = cfg.ToJson()
+
+	cfg.Sanitize()
 
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
-	w.Write([]byte(json))
+	w.Write([]byte(cfg.ToJson()))
 }
 
 func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -145,6 +146,7 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	cfg.SetDefaults()
+	utils.Desanitize(cfg)
 
 	if err := cfg.IsValid(); err != nil {
 		c.Err = err
@@ -160,8 +162,10 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 	utils.SaveConfig(utils.CfgFileName, cfg)
 	utils.LoadConfig(utils.CfgFileName)
 
-	json := utils.Cfg.ToJson()
-	w.Write([]byte(json))
+
+	rdata := map[string]string{}
+	rdata["status"] = "OK"
+	w.Write([]byte(model.MapToJson(rdata)))
 }
 
 func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
diff --git a/api/admin_test.go b/api/admin_test.go
index 2edc151bd..1d8f6bb6b 100644
--- a/api/admin_test.go
+++ b/api/admin_test.go
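Review bot: getConfig now relies on Config.Sanitize covering every secret field of model.Config, and saveConfig in the following hunk relies on utils.Desanitize (presumably restoring the same fields from the live config) covering the identical set, yet neither call site says so; a secret field added later and missed in one of the two lists will either be served in clear text by this handler or be overwritten with the placeholder on save. I would put above `cfg.Sanitize()` the comment `// Sanitize a JSON round-trip copy so the live utils.Cfg keeps its secrets; any secret field added to model.Config must also be added to Config.Sanitize and to utils.Desanitize (saveConfig), or it is exposed here or clobbered on save.` The round trip through model.ConfigFromJson is what keeps the sanitized copy separate from utils.Cfg, and that is worth stating now that the removed `json = cfg.ToJson()` line no longer hints at it. Both getConfig and saveConfig begin before their hunks.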
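Review bot: Nothing in saveConfig records that its response is now a bare `{"status":"OK"}` instead of the configuration (last hunk of api/admin.go), so a client that still decodes the body as *model.Config breaks with no hint in the handler; the updated TestSaveConfig drops that decode but does not explain why. A comment on the write, `// Respond with a status only; the saved config is never echoed back, sanitized or not.`, records the intent, and the two-line map construction folds into `w.Write([]byte(model.MapToJson(map[string]string{"status": "OK"})))`. saveConfig's body starts before this hunk.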
@@ -68,6 +68,37 @@ func TestGetConfig(t *testing.T) {
 		if len(cfg.TeamSettings.SiteName) == 0 {
 			t.Fatal()
 		}
+
+		if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.FileSettings.PublicLinkSalt != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.FileSettings.AmazonS3SecretAccessKey != model.FAKE_SETTING && len(cfg.FileSettings.AmazonS3SecretAccessKey) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.EmailSettings.InviteSalt != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.EmailSettings.PasswordResetSalt != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.EmailSettings.SMTPPassword != model.FAKE_SETTING && len(cfg.EmailSettings.SMTPPassword) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.GitLabSettings.Secret != model.FAKE_SETTING && len(cfg.GitLabSettings.Secret) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.SqlSettings.DataSource != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.SqlSettings.AtRestEncryptKey != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if !strings.Contains(strings.Join(cfg.SqlSettings.DataSourceReplicas, " "), model.FAKE_SETTING) && len(cfg.SqlSettings.DataSourceReplicas) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
 	}
 }
 
@@ -80,14 +111,8 @@ func TestSaveConfig(t *testing.T) {
 
 	*utils.Cfg.TeamSettings.EnableOpenServer = false
 
-	if result, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
+	if _, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
 		t.Fatal(err)
-	} else {
-		cfg := result.Data.(*model.Config)
-
-		if len(cfg.TeamSettings.SiteName) == 0 {
-			t.Fatal()
-		}
 	}
 
 	*utils.Cfg.TeamSettings.EnableOpenServer = true
-- 
cgit v1.2.3-1-g7c22
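Review bot: Every new check in TestGetConfig fails with the same `t.Fatal("did not sanitize properly")`, so a regression tells the reader nothing about which secret leaked, and the two different shapes of condition (strict `!= model.FAKE_SETTING` for the salts, DataSource and AtRestEncryptKey; `!= model.FAKE_SETTING && len(...) != 0` for the passwords and keys, presumably because those may be legitimately empty) are left unexplained. A small table that names the field and carries the may-be-empty flag keeps the exact same pass/fail semantics, reports the offending field, and documents the distinction once; the DataSourceReplicas check stays as written. The dereference of `*cfg.LdapSettings.BindPassword` is kept from the original and will panic if the pointer is nil — worth a `t.Fatal` guard if SetDefaults does not guarantee it. TestGetConfig starts before this hunk.
```go
		// Each secret must come back as the placeholder; fields marked mayEmpty
		// are also accepted when blank, since they are optional in the config.
		secrets := []struct {
			name     string
			value    string
			mayEmpty bool
		}{
			{"LdapSettings.BindPassword", *cfg.LdapSettings.BindPassword, true},
			{"FileSettings.PublicLinkSalt", cfg.FileSettings.PublicLinkSalt, false},
			{"FileSettings.AmazonS3SecretAccessKey", cfg.FileSettings.AmazonS3SecretAccessKey, true},
			{"EmailSettings.InviteSalt", cfg.EmailSettings.InviteSalt, false},
			{"EmailSettings.PasswordResetSalt", cfg.EmailSettings.PasswordResetSalt, false},
			{"EmailSettings.SMTPPassword", cfg.EmailSettings.SMTPPassword, true},
			{"GitLabSettings.Secret", cfg.GitLabSettings.Secret, true},
			{"SqlSettings.DataSource", cfg.SqlSettings.DataSource, false},
			{"SqlSettings.AtRestEncryptKey", cfg.SqlSettings.AtRestEncryptKey, false},
		}
		for _, s := range secrets {
			if s.value != model.FAKE_SETTING && !(s.mayEmpty && len(s.value) == 0) {
				t.Fatalf("%s was not sanitized", s.name)
			}
		}
		// … unchanged: DataSourceReplicas check …
```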