Storage Engine view obscures candidate password

The JSON configuration typically includes passwords, which are potentially deep in the structure. We traverse the parsed JSON data, censoring any fields that begin or end with "pass" or "pw". Fixes UIHAADM-107.
indexdata · Jan 19, 2024 · c86fa75 · c86fa75
1 parent 1fa6b97
commit c86fa75
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@
 * When trying to delete an in-use step, this is rejected with a polite error message. Fixes last part of UIHAADM-9.
 * When editing a Transformation Pipeline, allow re-ordering of steps. Fixes UIHAADM-108.
 * Status is once more displayed in Job pane-title. Fixes UIHAADM-120.
+* When viewing a Storage Engine, obscure possible passwords in JSON configuration. Fixes UIHAADM-107.
 
 ## [2.0.0](https://github.com/folio-org/ui-harvester-admin/tree/v2.0.0) (2023-10-13)
 

diff --git a/src/settings/StorageDetail.js b/src/settings/StorageDetail.js
@@ -5,9 +5,38 @@ import { Col, Row, KeyValue, Accordion } from '@folio/stripes/components';
 import { bool2display } from './transformBooleans';
 
 
+function censorPasswords(val) {
+  if (Array.isArray(val)) {
+    return val.map(x => censorPasswords(x));
+  } else if (typeof val === 'object') {
+    const censored = {};
+    Object.keys(val).forEach(key => {
+      if (typeof val[key] === 'string' &&
+          (key.match(/^(pw|pass)/i) ||
+           key.match(/(pw|password)$/i))) {
+        censored[key] = '***censored***';
+      } else {
+        censored[key] = censorPasswords(val[key]);
+      }
+    });
+    return censored;
+  }
+
+  return val;
+}
+
+
 const StorageDetail = (props) => {
   const data = props.initialValues;
 
+  let jval;
+  try {
+    jval = JSON.parse(data.json);
+  } catch (e) {
+    jval = '[unparseable JSON]';
+  }
+  const censoredJson = censorPasswords(jval);
+
   return (
     <>
       <Row>
@@ -47,7 +76,7 @@ const StorageDetail = (props) => {
           <Col xs={12}>
             <KeyValue
               label={<FormattedMessage id="ui-harvester-admin.storage.field.json" />}
-              value={data.json}
+              value={JSON.stringify(censoredJson, null, 2)}
             />
           </Col>
         </Row>