From d95f1283b5e7bc84e47b00c5f8bc4ef8bfc6c181 Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Thu, 9 Aug 2018 17:11:11 -0400 Subject: [PATCH] redact sensitive URLs from stdout at /api/v2/project_updates/N/events/ see: https://github.com/ansible/tower/issues/2805 --- awx/api/serializers.py | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 9d1067c780..bd7275cf8e 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -57,7 +57,7 @@ from awx.main.utils import ( has_model_field_prefetched, extract_ansible_vars, encrypt_dict, prefetch_page_capabilities, get_external_account) from awx.main.utils.filters import SmartFilter -from awx.main.redact import REPLACE_STR +from awx.main.redact import UriCleaner, REPLACE_STR from awx.main.validators import vars_validate_or_raise @@ -4023,6 +4023,8 @@ class JobEventWebSocketSerializer(JobEventSerializer): class ProjectUpdateEventSerializer(JobEventSerializer): + stdout = serializers.SerializerMethodField() + event_data = serializers.SerializerMethodField() class Meta: model = ProjectUpdateEvent @@ -4036,6 +4038,20 @@ class ProjectUpdateEventSerializer(JobEventSerializer): ) return res + def get_stdout(self, obj): + return UriCleaner.remove_sensitive(obj.stdout) + + def get_event_data(self, obj): + try: + return json.loads( + UriCleaner.remove_sensitive( + json.dumps(obj.event_data) + ) + ) + except Exception: + logger.exception("Failed to sanitize event_data") + return {} + class ProjectUpdateEventWebSocketSerializer(ProjectUpdateEventSerializer): created = serializers.SerializerMethodField()
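Review bot: The two `SerializerMethodField` overrides added in the hunk at `@@ -4023,6 +4023,8 @@` carry no comment saying they exist for redaction, so a later cleanup could remove them and the endpoint would return raw `stdout` and `event_data` again. I would add above them `# Overridden so sensitive URLs are redacted before the API returns them; see get_stdout / get_event_data.` The body of `ProjectUpdateEventSerializer` continues outside this hunk. The commit changes only awx/api/serializers.py, so a test that passes an event containing a sensitive URL through this serializer and asserts the redacted output would pin the behaviour.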
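Review bot: `get_event_data` runs a text-level cleaner over the serialized JSON and then re-parses it, so any replacement that touches a quote or an escape sequence makes `json.loads` fail and the whole `event_data` comes back as `{}`. Returning `{}` is the right fail-closed choice, but cleaning each string key and value in place keeps the structure intact and loses nothing when a single value is awkward. How `UriCleaner.remove_sensitive` matches is not visible in this diff, so treat that failure as possible rather than demonstrated. `get_stdout` has no equivalent guard, so an exception from the cleaner there would surface as an API error instead of an empty value. The string check below assumes `six` is importable in this module; use whichever text type the file already relies on.

```python
    def get_event_data(self, obj):
        # Redact string leaves (and keys) in place; containers keep their shape,
        # so there is no re-parse step that a replacement could break.
        def _clean(value):
            if isinstance(value, dict):
                return {_clean(k): _clean(v) for k, v in value.items()}
            if isinstance(value, (list, tuple)):
                return [_clean(v) for v in value]
            if isinstance(value, six.string_types):
                return UriCleaner.remove_sensitive(value)
            return value

        try:
            return _clean(obj.event_data)
        except Exception:
            # Fail closed: never fall back to the unredacted event_data.
            logger.exception("Failed to sanitize event_data")
            return {}
```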