[Rt-commit] rt branch, 4.6/scrub-sensitive-fields, created. rt-4.4.4-706-g854eb3818d

Aaron Trevena ast at bestpractical.com
Tue Jan 21 10:34:22 EST 2020


The branch, 4.6/scrub-sensitive-fields has been created
        at  854eb3818de2d4d8997727a50ec01e3cd474f894 (commit)

- Log -----------------------------------------------------------------
commit 854eb3818de2d4d8997727a50ec01e3cd474f894
Author: Aaron Trevena <ast at bestpractical.com>
Date:   Tue Jan 14 17:59:53 2020 +0000

    Added helpers to scrub sensitive values for logging and transactions

diff --git a/etc/cpanfile b/etc/cpanfile
index 5de533a7f2..5e1da42437 100644
--- a/etc/cpanfile
+++ b/etc/cpanfile
@@ -15,6 +15,7 @@ requires 'CSS::Minifier::XS';
 requires 'CSS::Squish', '>= 0.06';
 requires 'Data::GUID';
 requires 'Data::ICal';
+requires 'Data::Rmap';
 requires 'Data::Page::Pageset';
 requires 'Date::Extract', '>= 0.02';
 requires 'Date::Manip';
diff --git a/lib/RT/Util.pm b/lib/RT/Util.pm
index aaa9d1530b..3de19b5cd7 100644
--- a/lib/RT/Util.pm
+++ b/lib/RT/Util.pm
@@ -52,8 +52,10 @@ use warnings;
 
 
 use base 'Exporter';
-our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMessage EmailContentTypes/;
+our @EXPORT = qw/safe_run_child mime_recommended_filename EntityLooksLikeEmailMessage EmailContentTypes
+                 filter_sensitive_fields fieldname_is_blacklisted/;
 
+use Data::Rmap;
 use Encode qw/encode/;
 
 sub safe_run_child (&) {
@@ -250,6 +252,63 @@ sub EmailContentTypes {
     return ( 'message/rfc822', 'message/partial', 'message/external-body' );
 }
 
+
+=head2 filter_sensitive_fields
+
+Takes a hashref or arrayref and filters it recursively replacing any blacklisted fields
+with ******
+
+Allows you to prevent leaking of passwords, credentials or keys in logs, etc
+
+default blacklist is password credential key secret
+
+additional fields can be added to black list by providing a comma seperated list in
+the LogFieldBlacklist configuration field.
+
+=cut
+
+sub filter_sensitive_fields {
+    my $data = shift();
+    rmap_all { _scrub_sensitive_fields($_) } $data;
+}
+
+my $blacklist = [qw(password credential key secret)];
+if (my $config_blacklisted_fields = RT->Config->Get('LogFieldBlacklist')) {
+    push (@$blacklist, split(/\s*,\s*/, $config_blacklisted_fields));
+}
+
+=head2 fieldname_is_blacklisted
+
+Check if a fieldname is blacklisted to avoid leaking sensitive information
+
+=cut
+
+sub fieldname_is_blacklisted {
+    my $fieldname = shift;
+    foreach my $blacklisted_fieldname (@$blacklist) {
+        return 1 if ($fieldname =~ m/$blacklisted_fieldname/);
+    }
+    return 0;
+}
+
+sub _scrub_sensitive_fields {
+    my $node = shift;
+    if (ref $_ eq 'HASH' ) {
+        warn "got hash ref : $node" ;
+        foreach my $fieldname (keys %$node) {
+            warn "handling $fieldname";
+            if (fieldname_is_blacklisted($fieldname)) {
+                $node->{$fieldname} = '*******';
+                warn "blacklisted $fieldname";
+            }
+        }
+    }
+    return $_;
+};
+
+
+
+
 RT::Base->_ImportOverlays();
 
 1;

-----------------------------------------------------------------------


More information about the rt-commit mailing list