You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by we...@apache.org on 2020/03/13 07:56:46 UTC
[incubator-apisix] branch master updated: bugfix: hide ssl private
key in admin API. (#1240)
This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 0ff1c82 bugfix: hide ssl private key in admin API. (#1240)
0ff1c82 is described below
commit 0ff1c820aecf90d9b70954b1cecff97ad4bf3ed8
Author: Wen Ming <mo...@gmail.com>
AuthorDate: Fri Mar 13 15:56:38 2020 +0800
bugfix: hide ssl private key in admin API. (#1240)
---
lua/apisix/admin/ssl.lua | 5 +++++
t/admin/ssl.t | 4 +++-
t/lib/test_admin.lua | 6 ++++--
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/lua/apisix/admin/ssl.lua b/lua/apisix/admin/ssl.lua
index 875e1c2..898d9c1 100644
--- a/lua/apisix/admin/ssl.lua
+++ b/lua/apisix/admin/ssl.lua
@@ -123,6 +123,11 @@ function _M.get(id)
return 500, {error_msg = err}
end
+ -- not return private key for security
+ if res.body and res.body.node and res.body.node.value then
+ res.body.node.value.key = nil
+ end
+
return res.status, res.body
end
diff --git a/t/admin/ssl.t b/t/admin/ssl.t
index 45930a7..15bfb0a 100644
--- a/t/admin/ssl.t
+++ b/t/admin/ssl.t
@@ -71,8 +71,10 @@ passed
[[{
"node": {
"value": {
- "sni": "test.com"
+ "sni": "test.com",
+ "key": null
},
+
"key": "/apisix/ssl/1"
},
"action": "get"
diff --git a/t/lib/test_admin.lua b/t/lib/test_admin.lua
index 608124f..8c2fc25 100644
--- a/t/lib/test_admin.lua
+++ b/t/lib/test_admin.lua
@@ -28,6 +28,10 @@ local function com_tab(pattern, data, deep)
for k, v in pairs(pattern) do
dir_names[deep] = k
+ if v == ngx.null then
+ v = nil
+ end
+
if type(v) == "table" then
local ok, err = com_tab(v, data[k], deep + 1)
if not ok then
@@ -135,12 +139,10 @@ function _M.test(uri, method, body, pattern)
if pattern == nil then
return res.status, "passed", res.body
end
-
local res_data = json.decode(res.body)
if type(pattern) == "string" then
pattern = json.decode(pattern)
end
-
local ok, err = com_tab(pattern, res_data)
if not ok then
return 500, "failed, " .. err, res_data