Kea 2.7.5
redact_config.cc
Go to the documentation of this file.
1// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7#include <config.h>
8
9#include <process/redact_config.h>
10
11#include <boost/algorithm/string.hpp>
12
13using namespace isc;
14using namespace isc::data;
15using namespace std;
16
17namespace {
18
19template <typename ElementPtrType>
20ElementPtrType
21redact(ElementPtrType const& element, list<string> json_path) {
22 if (!element) {
23 isc_throw(BadValue, "redact() got a null pointer");
24 }
25
26 string const next_key(json_path.empty() ? string() : json_path.front());
27 ElementPtr result;
28 if (element->getType() == Element::list) {
29 // If we are looking for a list...
30 if (next_key == "*" || next_key == "[]") {
31 // But if we are looking specifically for a list...
32 if (next_key == "[]") {
33 // Then advance in the path.
34 json_path.pop_front();
35 }
36 // Then redact all children.
37 result = Element::createList();
38 for (ElementPtr const& child : element->listValue()) {
39 result->add(redact(child, json_path));
40 }
41 return result;
42 }
43 } else if (element->getType() == Element::map) {
44 // If we are looking for anything or if we have reached the end of a
46 if (next_key == "*" || json_path.empty()) {
47 // Then iterate through all the children.
48 result = Element::createMap();
49 for (auto const& kv : element->mapValue()) {
50 std::string const& key(kv.first);
51 ConstElementPtr const& value(kv.second);
52
53 if (boost::algorithm::ends_with(key, "password") ||
54 boost::algorithm::ends_with(key, "secret")) {
55 // Sensitive data
56 result->set(key, Element::create(string("*****")));
57 } else if (key == "user-context") {
58 // Skip user contexts.
59 result->set(key, value);
60 } else {
61 if (json_path.empty()) {
62 // End of path means no sensitive data expected in this
63 // subtree, so we stop here.
64 result->set(key, value);
65 } else {
66 // We are looking for anything '*' so redact further.
67 result->set(key, redact(value, json_path));
68 }
69 }
70 }
71 return result;
72 } else {
73 ConstElementPtr child(element->get(next_key));
74 if (child) {
75 result = isc::data::copy(element, 1);
76 json_path.pop_front();
77 result->set(next_key, redact(child, json_path));
78 return result;
79 }
80 }
81 }
82
83 return element;
84}
85
86} // namespace
87
88namespace isc {
89namespace process {
90
91ConstElementPtr
92redactConfig(ConstElementPtr const& element, list<string> const& json_path) {
93 return redact(element, json_path);
94}
95
96} // namespace process
97} // namespace isc
isc::BadValue
A generic exception that is thrown if a parameter given to a method is considered invalid in that con...
Definition exceptions/exceptions.h:132
isc::data::Element::create
static ElementPtr create(const Position &pos=ZERO_POSITION())
Definition data.cc:249
isc::data::Element::createMap
static ElementPtr createMap(const Position &pos=ZERO_POSITION())
Creates an empty MapElement type ElementPtr.
Definition data.cc:304
isc::data::Element::createList
static ElementPtr createList(const Position &pos=ZERO_POSITION())
Creates an empty ListElement type ElementPtr.
Definition data.cc:299
isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition exceptions/exceptions.h:210
isc::data::copy
ElementPtr copy(ConstElementPtr from, int level)
Copy the data up to a nesting level.
Definition data.cc:1420
isc::data::ConstElementPtr
boost::shared_ptr< const Element > ConstElementPtr
Definition data.h:29
isc::data::ElementPtr
boost::shared_ptr< Element > ElementPtr
Definition data.h:28
isc::process::redactConfig
ConstElementPtr redactConfig(ConstElementPtr const &element, list< string > const &json_path)
Redact a configuration.
Definition redact_config.cc:92
isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148
redact_config.h