mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-18 18:18:23 -05:00
[MM-67502] Sanitize secret plugin settings inside sections (#35214)
This commit is contained in:
Ben Schumacher
GitHub
parent
76b3528c2b
commit
9e7cd64800
2 changed files with 94 additions and 0 deletions
|
|
@ -3539,6 +3539,15 @@ func (s *PluginSettings) Sanitize(pluginManifests []*Manifest) {
|
|||
break
|
||||
}
|
||||
}
|
||||
|
||||
for _, section := range manifest.SettingsSchema.Sections {
|
||||
for _, definedSetting := range section.Settings {
|
||||
if definedSetting.Secret && strings.EqualFold(definedSetting.Key, key) {
|
||||
settings[key] = FakeSetting
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1790,6 +1790,91 @@ func TestPluginSettingsSanitize(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
"secret settings in sections are sanitized": {
|
||||
manifests: []*Manifest{
|
||||
{
|
||||
Id: pluginID1,
|
||||
SettingsSchema: &PluginSettingsSchema{
|
||||
Settings: []*PluginSetting{
|
||||
{
|
||||
Key: "somesetting",
|
||||
Type: "text",
|
||||
Secret: false,
|
||||
},
|
||||
},
|
||||
Sections: []*PluginSettingsSection{
|
||||
{
|
||||
Key: "section1",
|
||||
Settings: []*PluginSetting{
|
||||
{
|
||||
Key: "secrettext",
|
||||
Type: "text",
|
||||
Secret: true,
|
||||
},
|
||||
{
|
||||
Key: "secretnumber",
|
||||
Type: "number",
|
||||
Secret: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: map[string]map[string]any{
|
||||
pluginID1: {
|
||||
"someoldsettings": "some old value",
|
||||
"somesetting": "some value",
|
||||
"secrettext": FakeSetting,
|
||||
"secretnumber": FakeSetting,
|
||||
},
|
||||
},
|
||||
},
|
||||
"secret settings across multiple sections": {
|
||||
manifests: []*Manifest{
|
||||
{
|
||||
Id: pluginID1,
|
||||
SettingsSchema: &PluginSettingsSchema{
|
||||
Sections: []*PluginSettingsSection{
|
||||
{
|
||||
Key: "section1",
|
||||
Settings: []*PluginSetting{
|
||||
{
|
||||
Key: "somesetting",
|
||||
Type: "text",
|
||||
Secret: false,
|
||||
},
|
||||
{
|
||||
Key: "secrettext",
|
||||
Type: "text",
|
||||
Secret: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
Key: "section2",
|
||||
Settings: []*PluginSetting{
|
||||
{
|
||||
Key: "secretnumber",
|
||||
Type: "number",
|
||||
Secret: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: map[string]map[string]any{
|
||||
pluginID1: {
|
||||
"someoldsettings": "some old value",
|
||||
"somesetting": "some value",
|
||||
"secrettext": FakeSetting,
|
||||
"secretnumber": FakeSetting,
|
||||
},
|
||||
},
|
||||
},
|
||||
} {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
c := PluginSettings{}
|
||||
|
|
|
|||
Loading…
Reference in a new issue