Sanitize sensitive data of out config file for the system console (#2849)

2025-02-25 18:55:24 -06:00 · 2016-05-03 14:45:36 -04:00
parent 87989b8afd
commit b18cf58c8f
5 changed files with 112 additions and 15 deletions
--- a/api/admin.go
+++ b/api/admin.go
@@ -127,10 +127,11 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {

 	json := utils.Cfg.ToJson()
 	cfg := model.ConfigFromJson(strings.NewReader(json))
-	json = cfg.ToJson()
+
+	cfg.Sanitize()

 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
-	w.Write([]byte(json))
+	w.Write([]byte(cfg.ToJson()))
 }

 func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -145,6 +146,7 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 	}

 	cfg.SetDefaults()
+	utils.Desanitize(cfg)

 	if err := cfg.IsValid(); err != nil {
 		c.Err = err
@@ -160,8 +162,10 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {

 	utils.SaveConfig(utils.CfgFileName, cfg)
 	utils.LoadConfig(utils.CfgFileName)
-	json := utils.Cfg.ToJson()
-	w.Write([]byte(json))
+
+	rdata := map[string]string{}
+	rdata["status"] = "OK"
+	w.Write([]byte(model.MapToJson(rdata)))
 }

 func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
--- a/api/admin_test.go
+++ b/api/admin_test.go
@@ -68,6 +68,37 @@ func TestGetConfig(t *testing.T) {
 		if len(cfg.TeamSettings.SiteName) == 0 {
 			t.Fatal()
 		}
+
+		if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.FileSettings.PublicLinkSalt != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.FileSettings.AmazonS3SecretAccessKey != model.FAKE_SETTING && len(cfg.FileSettings.AmazonS3SecretAccessKey) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.EmailSettings.InviteSalt != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.EmailSettings.PasswordResetSalt != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.EmailSettings.SMTPPassword != model.FAKE_SETTING && len(cfg.EmailSettings.SMTPPassword) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.GitLabSettings.Secret != model.FAKE_SETTING && len(cfg.GitLabSettings.Secret) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.SqlSettings.DataSource != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if cfg.SqlSettings.AtRestEncryptKey != model.FAKE_SETTING {
+			t.Fatal("did not sanitize properly")
+		}
+		if !strings.Contains(strings.Join(cfg.SqlSettings.DataSourceReplicas, " "), model.FAKE_SETTING) && len(cfg.SqlSettings.DataSourceReplicas) != 0 {
+			t.Fatal("did not sanitize properly")
+		}
 	}
 }

@@ -80,14 +111,8 @@ func TestSaveConfig(t *testing.T) {

 	*utils.Cfg.TeamSettings.EnableOpenServer = false

-	if result, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
+	if _, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
 		t.Fatal(err)
-	} else {
-		cfg := result.Data.(*model.Config)
-
-		if len(cfg.TeamSettings.SiteName) == 0 {
-			t.Fatal()
-		}
 	}

 	*utils.Cfg.TeamSettings.EnableOpenServer = true
--- a/model/client.go
+++ b/model/client.go
@@ -611,7 +611,7 @@ func (c *Client) SaveConfig(config *Config) (*Result, *AppError) {
 		return nil, err
 	} else {
 		return &Result{r.Header.Get(HEADER_REQUEST_ID),
-			r.Header.Get(HEADER_ETAG_SERVER), ConfigFromJson(r.Body)}, nil
+			r.Header.Get(HEADER_ETAG_SERVER), MapFromJson(r.Body)}, nil
 	}
 }

--- a/model/config.go
+++ b/model/config.go
@@ -28,6 +28,8 @@ const (

 	GENERIC_NOTIFICATION = "generic"
 	FULL_NOTIFICATION    = "full"
+
+	FAKE_SETTING = "********************************"
 )

 type ServiceSettings struct {
@@ -597,10 +599,38 @@ func (o *Config) IsValid() *AppError {
 	return nil
 }

-func (me *Config) GetSanitizeOptions() map[string]bool {
+func (o *Config) GetSanitizeOptions() map[string]bool {
 	options := map[string]bool{}
-	options["fullname"] = me.PrivacySettings.ShowFullName
-	options["email"] = me.PrivacySettings.ShowEmailAddress
+	options["fullname"] = o.PrivacySettings.ShowFullName
+	options["email"] = o.PrivacySettings.ShowEmailAddress

 	return options
 }
+
+func (o *Config) Sanitize() {
+	if len(*o.LdapSettings.BindPassword) > 0 {
+		*o.LdapSettings.BindPassword = FAKE_SETTING
+	}
+
+	o.FileSettings.PublicLinkSalt = FAKE_SETTING
+	if len(o.FileSettings.AmazonS3SecretAccessKey) > 0 {
+		o.FileSettings.AmazonS3SecretAccessKey = FAKE_SETTING
+	}
+
+	o.EmailSettings.InviteSalt = FAKE_SETTING
+	o.EmailSettings.PasswordResetSalt = FAKE_SETTING
+	if len(o.EmailSettings.SMTPPassword) > 0 {
+		o.EmailSettings.SMTPPassword = FAKE_SETTING
+	}
+
+	if len(o.GitLabSettings.Secret) > 0 {
+		o.GitLabSettings.Secret = FAKE_SETTING
+	}
+
+	o.SqlSettings.DataSource = FAKE_SETTING
+	o.SqlSettings.AtRestEncryptKey = FAKE_SETTING
+
+	for i := range o.SqlSettings.DataSourceReplicas {
+		o.SqlSettings.DataSourceReplicas[i] = FAKE_SETTING
+	}
+}
--- a/utils/config.go
+++ b/utils/config.go
@@ -283,3 +283,41 @@ func ValidateLdapFilter(cfg *model.Config) *model.AppError {
 	}
 	return nil
 }
+
+func Desanitize(cfg *model.Config) {
+	if *cfg.LdapSettings.BindPassword == model.FAKE_SETTING {
+		*cfg.LdapSettings.BindPassword = *Cfg.LdapSettings.BindPassword
+	}
+
+	if cfg.FileSettings.PublicLinkSalt == model.FAKE_SETTING {
+		cfg.FileSettings.PublicLinkSalt = Cfg.FileSettings.PublicLinkSalt
+	}
+	if cfg.FileSettings.AmazonS3SecretAccessKey == model.FAKE_SETTING {
+		cfg.FileSettings.AmazonS3SecretAccessKey = Cfg.FileSettings.AmazonS3SecretAccessKey
+	}
+
+	if cfg.EmailSettings.InviteSalt == model.FAKE_SETTING {
+		cfg.EmailSettings.InviteSalt = Cfg.EmailSettings.InviteSalt
+	}
+	if cfg.EmailSettings.PasswordResetSalt == model.FAKE_SETTING {
+		cfg.EmailSettings.PasswordResetSalt = Cfg.EmailSettings.PasswordResetSalt
+	}
+	if cfg.EmailSettings.SMTPPassword == model.FAKE_SETTING {
+		cfg.EmailSettings.SMTPPassword = Cfg.EmailSettings.SMTPPassword
+	}
+
+	if cfg.GitLabSettings.Secret == model.FAKE_SETTING {
+		cfg.GitLabSettings.Secret = Cfg.GitLabSettings.Secret
+	}
+
+	if cfg.SqlSettings.DataSource == model.FAKE_SETTING {
+		cfg.SqlSettings.DataSource = Cfg.SqlSettings.DataSource
+	}
+	if cfg.SqlSettings.AtRestEncryptKey == model.FAKE_SETTING {
+		cfg.SqlSettings.AtRestEncryptKey = Cfg.SqlSettings.AtRestEncryptKey
+	}
+
+	for i := range cfg.SqlSettings.DataSourceReplicas {
+		cfg.SqlSettings.DataSourceReplicas[i] = Cfg.SqlSettings.DataSourceReplicas[i]
+	}
+}