From c86fa755a425baa47b43a1b2289f6afb3cdeb5ff Mon Sep 17 00:00:00 2001
From: Mike Taylor
Date: Fri, 19 Jan 2024 18:24:21 +0000
Subject: [PATCH] Storage Engine view obscures candidate password The JSON configuration typically includes passwords, which are potentially deep in the structure. We traverse the parsed JSON data, censoring any fields that begin or end with "pass" or "pw". Fixes UIHAADM-107.
---
 CHANGELOG.md | 1 +
 src/settings/StorageDetail.js | 31 ++++++++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c239897..a62a7c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 * When trying to delete an in-use step, this is rejected with a polite error message. Fixes last part of UIHAADM-9.
 * When editing a Transformation Pipeline, allow re-ordering of steps. Fixes UIHAADM-108.
 * Status is once more displayed in Job pane-title. Fixes UIHAADM-120.
+* When viewing a Storage Engine, obscure possible passwords in JSON configuration. Fixes UIHAADM-107.
 ## [2.0.0](https://github.com/folio-org/ui-harvester-admin/tree/v2.0.0) (2023-10-13)
diff --git a/src/settings/StorageDetail.js b/src/settings/StorageDetail.js
index f625903..e3fecd1 100644
--- a/src/settings/StorageDetail.js
+++ b/src/settings/StorageDetail.js
@@ -5,9 +5,38 @@ import { Col, Row, KeyValue, Accordion } from '@folio/stripes/components'; import { bool2display } from './transformBooleans'; +function censorPasswords(val) { + if (Array.isArray(val)) { + return val.map(x => censorPasswords(x)); + } else if (typeof val === 'object') { + const censored = {}; + Object.keys(val).forEach(key => { + if (typeof val[key] === 'string' && + (key.match(/^(pw|pass)/i) || + key.match(/(pw|password)$/i))) { + censored[key] = '***censored***'; + } else { + censored[key] = censorPasswords(val[key]); + } + }); + return censored; + } + + return val; +} + + const StorageDetail = (props) => { const data = props.initialValues; + let jval; + try { + jval = JSON.parse(data.json); + } catch (e) { + jval = '[unparseable JSON]'; + } + const censoredJson = censorPasswords(jval); + return ( <> @@ -47,7 +76,7 @@ const StorageDetail = (props) => { } - value={data.json} + value={JSON.stringify(censoredJson, null, 2)} />
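Review bot: `censorPasswords` takes the `typeof val === 'object'` branch for `null`, so any `null` in the parsed configuration makes `Object.keys(val)` throw while the component renders; guard it with `} else if (val !== null && typeof val === 'object') {`. The suffix pattern `/(pw|password)$/i` also disagrees with the commit message, which says fields ending in "pass" are censored: a key such as `dbPass` is shown in clear, and `key.match(/(pw|pass|password)$/i)` would close that gap. Because of the `typeof val[key] === 'string'` test, a matching key whose value is a number or an array of strings is displayed unmasked; masking every non-object value under a matching key, with a comment above the function stating which key names and value types are covered, would be safer. The masking is display-only, since `data.json` still reaches the browser in `props.initialValues`, so it should not be relied on as access control for the stored credentials.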