bugfix: hide ssl private key in admin API. (apache#1240)

SaberMaster · Jun 30, 2020 · 2a4ead7 · 2a4ead7
1 parent d4248cf
commit 2a4ead7
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/lua/apisix/admin/ssl.lua b/lua/apisix/admin/ssl.lua
@@ -123,6 +123,11 @@ function _M.get(id)
         return 500, {error_msg = err}
     end
 
+    -- not return private key for security
+    if res.body and res.body.node and res.body.node.value then
+        res.body.node.value.key = nil
+    end
+
     return res.status, res.body
 end
 

diff --git a/t/admin/ssl.t b/t/admin/ssl.t
@@ -71,8 +71,10 @@ passed
                 [[{
                     "node": {
                         "value": {
-                            "sni": "test.com"
+                            "sni": "test.com",
+                            "key": null
                         },
+
                         "key": "/apisix/ssl/1"
                     },
                     "action": "get"

diff --git a/t/lib/test_admin.lua b/t/lib/test_admin.lua
@@ -28,6 +28,10 @@ local function com_tab(pattern, data, deep)
     for k, v in pairs(pattern) do
         dir_names[deep] = k
 
+        if v == ngx.null then
+            v = nil
+        end
+
         if type(v) == "table" then
             local ok, err = com_tab(v, data[k], deep + 1)
             if not ok then
@@ -135,12 +139,10 @@ function _M.test(uri, method, body, pattern)
     if pattern == nil then
         return res.status, "passed", res.body
     end
-
     local res_data = json.decode(res.body)
     if type(pattern) == "string" then
         pattern = json.decode(pattern)
     end
-
     local ok, err = com_tab(pattern, res_data)
     if not ok then
         return 500, "failed, " .. err, res_data