d3/d9f/redact__config_8cc_source.html

// Copyright (C) 2021-2026 Internet Systems Consortium, Inc. ("ISC")

//

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.


#include <config.h>


#include <process/redact_config.h>


#include <boost/algorithm/string.hpp>


using namespace isc;

using namespace isc::data;

using namespace std;


namespace {


template <typename ElementPtrType>

ElementPtrType

    redact(ElementPtrType const& element, list<string> json_path,

           string obscure, unsigned level) {

    if (!element) {

        isc_throw(BadValue, "redact() got a null pointer");

    }

    if (level == 0) {

        isc_throw(BadValue, "redact() elements nested too deeply");

    }


    string const next_key(json_path.empty() ? string() : json_path.front());

    ElementPtr result;

    if (element->getType() == Element::list) {

        // If we are looking for a list...

        if (next_key == "*" || next_key == "[]") {

            // But if we are looking specifically for a list...

            if (next_key == "[]") {

                // Then advance in the path.

                json_path.pop_front();

            }

            // Then redact all children.

            result = Element::createList();

            for (ElementPtr const& child : element->listValue()) {

                result->add(redact(child, json_path, obscure, level - 1));

            }

            return (result);

        }

    } else if (element->getType() == Element::map) {

        // If we are looking for anything or if we have reached the end of a

        if (next_key == "*" || json_path.empty()) {

            // Then iterate through all the children.

            result = Element::createMap();

            for (auto const& kv : element->mapValue()) {

                std::string const& key(kv.first);

                ConstElementPtr const& value(kv.second);


                if (boost::algorithm::ends_with(key, "password") ||

                    boost::algorithm::ends_with(key, "secret")) {

                    // Sensitive data

                    result->set(key, Element::create(obscure));

                } else if (key == "user-context") {

                    // Skip user contexts.

                    result->set(key, value);

                } else {

                    if (json_path.empty()) {

                        // End of path means no sensitive data expected in this

                        // subtree, so we stop here.

                        result->set(key, value);

                    } else {

                        // We are looking for anything '*' so redact further.

                        result->set(key, redact(value, json_path, obscure,

                                                level - 1));

                    }

                }

            }

            return (result);

        } else {

            ConstElementPtr child(element->get(next_key));

            if (child) {

                result = isc::data::copy(element, 1U);

                json_path.pop_front();

                result->set(next_key,

                            redact(child, json_path, obscure, level - 1));

                return (result);

            }

        }

    }


    return (element);

}


}  // namespace


namespace isc {

namespace process {


ConstElementPtr


redactConfig(ConstElementPtr const& element, list<string> const& json_path,

             string obscure, unsigned max_nesting_depth) {

    return (redact(element, json_path, obscure, max_nesting_depth));

}


}  // namespace process

}  // namespace isc

Element::create
static ElementPtr create(const Position &pos=ZERO_POSITION())
Create a NullElement.
Definition data.cc:299

Element::map
@ map
Definition data.h:160

Element::list
@ list
Definition data.h:159

Element::createMap
static ElementPtr createMap(const Position &pos=ZERO_POSITION())
Creates an empty MapElement type ElementPtr.
Definition data.cc:354

Element::createList
static ElementPtr createList(const Position &pos=ZERO_POSITION())
Creates an empty ListElement type ElementPtr.
Definition data.cc:349

isc::BadValue
A generic exception that is thrown if a parameter given to a method is considered invalid in that con...
Definition exceptions/exceptions.h:132

isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition exceptions/exceptions.h:210

isc::data
Definition base_stamped_element.cc:12

isc::data::copy
ElementPtr copy(ConstElementPtr from, unsigned level)
Copy the data up to a nesting level.
Definition data.cc:1517

isc::data::ConstElementPtr
boost::shared_ptr< const Element > ConstElementPtr
Definition data.h:30

isc::data::ElementPtr
boost::shared_ptr< Element > ElementPtr
Definition data.h:29

isc::process
Definition cb_ctl_base.h:22

isc::process::redactConfig
ConstElementPtr redactConfig(ConstElementPtr const &element, list< string > const &json_path, string obscure, unsigned max_nesting_depth)
Redact a configuration.
Definition redact_config.cc:98

isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148

redact_config.h