From b18cf58c8f607bed64d821fcc856e251a391df6a Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Tue, 3 May 2016 14:45:36 -0400 Subject: Sanitize sensitive data of out config file for the system console (#2849) --- model/client.go | 2 +- model/config.go | 36 +++++++++++++++++++++++++++++++++--- 2 files changed, 34 insertions(+), 4 deletions(-) (limited to 'model') diff --git a/model/client.go b/model/client.go index 7eab008f1..9285368c4 100644 --- a/model/client.go +++ b/model/client.go @@ -611,7 +611,7 @@ func (c *Client) SaveConfig(config *Config) (*Result, *AppError) { return nil, err } else { return &Result{r.Header.Get(HEADER_REQUEST_ID), - r.Header.Get(HEADER_ETAG_SERVER), ConfigFromJson(r.Body)}, nil + r.Header.Get(HEADER_ETAG_SERVER), MapFromJson(r.Body)}, nil } } diff --git a/model/config.go b/model/config.go index 4bb2a7a49..b7c939202 100644 --- a/model/config.go +++ b/model/config.go @@ -28,6 +28,8 @@ const ( GENERIC_NOTIFICATION = "generic" FULL_NOTIFICATION = "full" + + FAKE_SETTING = "********************************" ) type ServiceSettings struct { @@ -597,10 +599,38 @@ func (o *Config) IsValid() *AppError { return nil } -func (me *Config) GetSanitizeOptions() map[string]bool { +func (o *Config) GetSanitizeOptions() map[string]bool { options := map[string]bool{} - options["fullname"] = me.PrivacySettings.ShowFullName - options["email"] = me.PrivacySettings.ShowEmailAddress + options["fullname"] = o.PrivacySettings.ShowFullName + options["email"] = o.PrivacySettings.ShowEmailAddress return options } + +func (o *Config) Sanitize() { + if len(*o.LdapSettings.BindPassword) > 0 { + *o.LdapSettings.BindPassword = FAKE_SETTING + } + + o.FileSettings.PublicLinkSalt = FAKE_SETTING + if len(o.FileSettings.AmazonS3SecretAccessKey) > 0 { + o.FileSettings.AmazonS3SecretAccessKey = FAKE_SETTING + } + + o.EmailSettings.InviteSalt = FAKE_SETTING + o.EmailSettings.PasswordResetSalt = FAKE_SETTING + if len(o.EmailSettings.SMTPPassword) > 0 { + o.EmailSettings.SMTPPassword = FAKE_SETTING + } + + if len(o.GitLabSettings.Secret) > 0 { + o.GitLabSettings.Secret = FAKE_SETTING + } + + o.SqlSettings.DataSource = FAKE_SETTING + o.SqlSettings.AtRestEncryptKey = FAKE_SETTING + + for i := range o.SqlSettings.DataSourceReplicas { + o.SqlSettings.DataSourceReplicas[i] = FAKE_SETTING + } +} -- cgit v1.2.3-1-g7c22