Posted to notifications@apisix.apache.org by we...@apache.org on 2020/03/13 07:56:46 UTC

[incubator-apisix] branch master updated: bugfix: hide ssl private key in admin API. (#1240)

This is an automated email from the ASF dual-hosted git repository.

wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 0ff1c82  bugfix: hide ssl private key in admin API. (#1240)
0ff1c82 is described below

commit 0ff1c820aecf90d9b70954b1cecff97ad4bf3ed8
Author: Wen Ming <mo...@gmail.com>
AuthorDate: Fri Mar 13 15:56:38 2020 +0800

    bugfix: hide ssl private key in admin API. (#1240)
---
 lua/apisix/admin/ssl.lua | 5 +++++
 t/admin/ssl.t            | 4 +++-
 t/lib/test_admin.lua     | 6 ++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/lua/apisix/admin/ssl.lua b/lua/apisix/admin/ssl.lua
index 875e1c2..898d9c1 100644
--- a/lua/apisix/admin/ssl.lua
+++ b/lua/apisix/admin/ssl.lua
@@ -123,6 +123,11 @@ function _M.get(id)
         return 500, {error_msg = err}
     end
 
+    -- not return private key for security
+    if res.body and res.body.node and res.body.node.value then
+        res.body.node.value.key = nil
+    end
+
     return res.status, res.body
 end
 
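Review bot: Only `res.body.node.value.key` is cleared here, so a response that carries SSL objects in any other shape still returns the private key. If `_M.get` can be called without an id and the store answers with a directory listing (entries under `res.body.node.nodes`; not visible in this hunk, so confirm), each entry's `value.key` passes through untouched. Any handler that echoes a stored object back after a write would need the same treatment. The `t/admin/ssl.t` expectation in this commit covers only the by-id GET, so a listing case is worth adding. The start of `_M.get` is outside the hunk; the fence below replaces just the added lines.

```lua
    -- never return the private key, for a single object or a listing
    local node = res.body and res.body.node
    if node then
        if type(node.value) == "table" then
            node.value.key = nil
        end
        -- directory listing: strip every entry (assumes `node.nodes`, confirm)
        if type(node.nodes) == "table" then
            for _, item in ipairs(node.nodes) do
                if type(item.value) == "table" then
                    item.value.key = nil
                end
            end
        end
    end

    return res.status, res.body
```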
diff --git a/t/admin/ssl.t b/t/admin/ssl.t
index 45930a7..15bfb0a 100644
--- a/t/admin/ssl.t
+++ b/t/admin/ssl.t
@@ -71,8 +71,10 @@ passed
                 [[{
                     "node": {
                         "value": {
-                            "sni": "test.com"
+                            "sni": "test.com",
+                            "key": null
                         },
+
                         "key": "/apisix/ssl/1"
                     },
                     "action": "get"
diff --git a/t/lib/test_admin.lua b/t/lib/test_admin.lua
index 608124f..8c2fc25 100644
--- a/t/lib/test_admin.lua
+++ b/t/lib/test_admin.lua
@@ -28,6 +28,10 @@ local function com_tab(pattern, data, deep)
     for k, v in pairs(pattern) do
         dir_names[deep] = k
 
+        if v == ngx.null then
+            v = nil
+        end
+
         if type(v) == "table" then
             local ok, err = com_tab(v, data[k], deep + 1)
             if not ok then
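Review bot: After `v` is set to `nil`, the loop falls through to comparison branches outside this hunk, so it is not visible whether a nil `v` is checked against `data[k]` or skipped. If it is skipped, the new `"key": null` expectation in `t/admin/ssl.t` would pass even when the response still contains the private key. Only the pattern side is normalised: a response with an explicit JSON null would decode to `ngx.null` in `data[k]` and not compare equal to `nil` (assuming the decoder maps null to `ngx.null`, as the added check implies). I would document the intended meaning above the check, e.g. `-- a JSON null in the pattern means the field must be absent from the response`, and confirm the branch below enforces it. `com_tab` starts and ends outside the hunk.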
@@ -135,12 +139,10 @@ function _M.test(uri, method, body, pattern)
     if pattern == nil then
         return res.status, "passed", res.body
     end
-
     local res_data = json.decode(res.body)
     if type(pattern) == "string" then
         pattern = json.decode(pattern)
     end
-
     local ok, err = com_tab(pattern, res_data)
     if not ok then
         return 500, "failed, " .. err, res_data