From: Joas Schilling Date: Wed, 11 Jan 2017 10:42:36 +0000 (+0100) Subject: Filter out sensitive appconfig values X-Git-Tag: v12.0.0beta1~686^2~1 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ce7836378cf973ecebdd6d7790f9b3994f0e88f4;p=nextcloud-server.git Filter out sensitive appconfig values Signed-off-by: Joas Schilling --- diff --git a/core/Command/Config/ListConfigs.php b/core/Command/Config/ListConfigs.php index 2737bc2cea4..94b493c9244 100644 --- a/core/Command/Config/ListConfigs.php +++ b/core/Command/Config/ListConfigs.php @@ -89,14 +89,14 @@ class ListConfigs extends Base { 'apps' => [], ]; foreach ($apps as $appName) { - $configs['apps'][$appName] = $this->appConfig->getValues($appName, false); + $configs['apps'][$appName] = $this->getAppConfigs($appName, $noSensitiveValues); } break; default: $configs = [ 'apps' => [ - $app => $this->appConfig->getValues($app, false), + $app => $this->getAppConfigs($app, $noSensitiveValues), ], ]; } @@ -129,6 +129,21 @@ class ListConfigs extends Base { return $configs; } + /** + * Get the app configs + * + * @param string $app + * @param bool $noSensitiveValues + * @return array + */ + protected function getAppConfigs($app, $noSensitiveValues) { + if ($noSensitiveValues) { + return $this->appConfig->getFilteredValues($app, false); + } else { + return $this->appConfig->getValues($app, false); + } + } + /** * @param string $argumentName * @param CompletionContext $context diff --git a/lib/private/AllConfig.php b/lib/private/AllConfig.php index 4e13d70371b..fc1f862cd01 100644 --- a/lib/private/AllConfig.php +++ b/lib/private/AllConfig.php @@ -68,7 +68,7 @@ class AllConfig implements \OCP\IConfig { /** * @param SystemConfig $systemConfig */ - function __construct(SystemConfig $systemConfig) { + public function __construct(SystemConfig $systemConfig) { $this->userCache = new CappedMemoryCache(); $this->systemConfig = $systemConfig; } diff --git a/lib/private/AppConfig.php b/lib/private/AppConfig.php index d92e8965b5c..06e760e86f6 100644 --- a/lib/private/AppConfig.php +++ b/lib/private/AppConfig.php @@ -29,7 +29,9 @@ namespace OC; +use OC\DB\OracleConnection; use OCP\IAppConfig; +use OCP\IConfig; use OCP\IDBConnection; /** @@ -37,12 +39,22 @@ use OCP\IDBConnection; * database. */ class AppConfig implements IAppConfig { - /** - * @var \OCP\IDBConnection $conn - */ + + /** @var array[] */ + protected $sensitiveValues = [ + 'user_ldap' => [ + 'ldap_agent_password', + ], + ]; + + /** @var \OCP\IDBConnection */ protected $conn; - private $cache = array(); + /** @var array[] */ + private $cache = []; + + /** @var bool */ + private $configLoaded = false; /** * @param IDBConnection $conn @@ -85,6 +97,7 @@ class AppConfig implements IAppConfig { * * @param string $app the app we are looking for * @return array an array of key names + * @deprecated 8.0.0 use method getAppKeys of \OCP\IConfig * * This function gets all keys of an app. Please note that the values are * not returned. @@ -112,6 +125,7 @@ class AppConfig implements IAppConfig { * @param string $key key * @param string $default = null, default value if the key does not exist * @return string the value or $default + * @deprecated 8.0.0 use method getAppValue of \OCP\IConfig * * This function gets a value from the appconfig table. If the key does * not exist the default value will be returned @@ -146,6 +160,7 @@ class AppConfig implements IAppConfig { * @param string $key key * @param string|float|int $value value * @return bool True if the value was inserted or updated, false if the value was the same + * @deprecated 8.0.0 use method setAppValue of \OCP\IConfig */ public function setValue($app, $key, $value) { if (!$this->hasKey($app, $key)) { @@ -182,7 +197,7 @@ class AppConfig implements IAppConfig { * http://docs.oracle.com/cd/E11882_01/server.112/e26088/conditions002.htm#i1033286 * > Large objects (LOBs) are not supported in comparison conditions. */ - if (!($this->conn instanceof \OC\DB\OracleConnection)) { + if (!($this->conn instanceof OracleConnection)) { // Only update the value when it is not the same $sql->andWhere($sql->expr()->neq('configvalue', $sql->createParameter('configvalue'))) ->setParameter('configvalue', $value); @@ -200,7 +215,8 @@ class AppConfig implements IAppConfig { * * @param string $app app * @param string $key key - * @return boolean|null + * @return boolean + * @deprecated 8.0.0 use method deleteAppValue of \OCP\IConfig */ public function deleteKey($app, $key) { $this->loadConfigValues(); @@ -214,13 +230,15 @@ class AppConfig implements IAppConfig { $sql->execute(); unset($this->cache[$app][$key]); + return false; } /** * Remove app from appconfig * * @param string $app app - * @return boolean|null + * @return boolean + * @deprecated 8.0.0 use method deleteAppValue of \OCP\IConfig * * Removes all keys in appconfig belonging to the app. */ @@ -234,6 +252,7 @@ class AppConfig implements IAppConfig { $sql->execute(); unset($this->cache[$app]); + return false; } /** @@ -261,11 +280,31 @@ class AppConfig implements IAppConfig { } } + /** + * get all values of the app or and filters out sensitive data + * + * @param string $app + * @return array + */ + public function getFilteredValues($app) { + $values = $this->getValues($app, false); + + foreach ($this->sensitiveValues[$app] as $sensitiveKey) { + if (isset($values[$sensitiveKey])) { + $values[$sensitiveKey] = IConfig::SENSITIVE_VALUE; + } + } + + return $values; + } + /** * Load all the app config values */ protected function loadConfigValues() { - if ($this->configLoaded) return; + if ($this->configLoaded) { + return; + } $this->cache = []; diff --git a/lib/public/IAppConfig.php b/lib/public/IAppConfig.php index 01aca47ad81..4a92a224840 100644 --- a/lib/public/IAppConfig.php +++ b/lib/public/IAppConfig.php @@ -86,6 +86,15 @@ interface IAppConfig { */ public function getValues($app, $key); + /** + * get all values of the app or and filters out sensitive data + * + * @param string $app + * @return array + * @since 12.0.0 + */ + public function getFilteredValues($app); + /** * sets a value in the appconfig * @param string $app app