1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 06:51:10 +03:00

redact sensitive URLs from stdout at /api/v2/project_updates/N/events/

see: https://github.com/ansible/tower/issues/2805
This commit is contained in:
Ryan Petrello 2018-08-09 17:11:11 -04:00
parent 5f0b34de38
commit d95f1283b5
No known key found for this signature in database
GPG Key ID: F2AA5F2122351777

View File

@ -57,7 +57,7 @@ from awx.main.utils import (
has_model_field_prefetched, extract_ansible_vars, encrypt_dict,
prefetch_page_capabilities, get_external_account)
from awx.main.utils.filters import SmartFilter
from awx.main.redact import REPLACE_STR
from awx.main.redact import UriCleaner, REPLACE_STR
from awx.main.validators import vars_validate_or_raise
@ -4023,6 +4023,8 @@ class JobEventWebSocketSerializer(JobEventSerializer):
class ProjectUpdateEventSerializer(JobEventSerializer):
stdout = serializers.SerializerMethodField()
event_data = serializers.SerializerMethodField()
class Meta:
model = ProjectUpdateEvent
@ -4036,6 +4038,20 @@ class ProjectUpdateEventSerializer(JobEventSerializer):
)
return res
def get_stdout(self, obj):
return UriCleaner.remove_sensitive(obj.stdout)
def get_event_data(self, obj):
try:
return json.loads(
UriCleaner.remove_sensitive(
json.dumps(obj.event_data)
)
)
except Exception:
logger.exception("Failed to sanitize event_data")
return {}
class ProjectUpdateEventWebSocketSerializer(ProjectUpdateEventSerializer):
created = serializers.SerializerMethodField()