From ac826b35b604c364a06fceaededc4c3490355ca2 Mon Sep 17 00:00:00 2001
From: Ivan Krutov
Date: Wed, 9 May 2018 10:25:30 +0300
Subject: [PATCH] Removing credentials from /quota data (fixes #193)

---
 proxy.go | 15 ++++++++++++++-
 proxy_test.go | 14 +++++++++++---
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/proxy.go b/proxy.go
index 8e5d1e4..4f31cf0 100644
--- a/proxy.go
+++ b/proxy.go
@@ -440,7 +440,20 @@ func quotaInfo(w http.ResponseWriter, r *http.Request) {
 log.Printf("[%d] [-] [QUOTA_INFO_REQUESTED] [%s] [%s] [-] [-] [-] [-] [-]\n", id, user, remote)
 browsers := quota[user]
 w.Header().Set("Content-Type", "application/json")
- // NOTE: intentionally not removing username \ password fields from returned XML to not complicate things (can be done later if needed)
+ for i := 0; i < len(browsers.Browsers); i++ {
+ browser := &browsers.Browsers[i]
+ for j := 0; j < len(browser.Versions); j++ {
+ version := &browser.Versions[j]
+ for k := 0; k < len(version.Regions); k++ {
+ region := &version.Regions[k]
+ for l := 0; l < len(region.Hosts); l++ {
+ host := ®ion.Hosts[l]
+ host.Username = ""
+ host.Password = ""
+ }
+ }
+ }
+ }
 json.NewEncoder(w).Encode(browsers.Browsers)
 }
 
diff --git a/proxy_test.go b/proxy_test.go
index 7fff8f4..0a1ae02 100644
--- a/proxy_test.go
+++ b/proxy_test.go
@@ -172,7 +172,6 @@ func TestGetQuotaInfoUnauthorized(t *testing.T) {
 func TestGetQuotaInfo(t *testing.T) {
 test.Lock()
 defer test.Unlock()
-
 browsers := Browsers{Browsers: []Browser{
 {Name: "browser", DefaultVersion: "1.0", Versions: []Version{
 {Number: "1.0", Regions: []Region{
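Review bot: In quotaInfo (proxy.go), the new loops take `&browsers.Browsers[i]` and then assign `host.Username = ""` and `host.Password = ""`, which writes into the same slice elements that `quota[user]` holds, so the first /quota request appears to erase the credentials from the in-memory quota rather than only from the response. Indexing a map does not copy the nested slices, so this holds whether the entry is a struct or a pointer; the declaration of `quota` and any locking around it are outside the hunk, and an unsynchronized write in a request handler would also be a data race. Build a sanitized copy and encode that instead, as sketched below, leaving the stored hosts untouched. quotaInfo begins above the hunk.

```go
	browsers := quota[user]
	// … unchanged: Content-Type header …
	// Copy every level so that blanking the credentials never touches the
	// slices still referenced by quota[user]. Note: nil slices are encoded
	// as [] instead of null after this copy.
	sanitized := make([]Browser, len(browsers.Browsers))
	for i, b := range browsers.Browsers {
		versions := make([]Version, len(b.Versions))
		for j, v := range b.Versions {
			regions := make([]Region, len(v.Regions))
			for k, rg := range v.Regions {
				hosts := make(Hosts, len(rg.Hosts))
				for l, h := range rg.Hosts {
					h.Username, h.Password = "", ""
					hosts[l] = h
				}
				rg.Hosts = hosts
				regions[k] = rg
			}
			v.Regions = regions
			versions[j] = v
		}
		b.Versions = versions
		sanitized[i] = b
	}
	json.NewEncoder(w).Encode(sanitized)
```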
@@ -190,7 +189,16 @@ func TestGetQuotaInfo(t *testing.T) {
 var fetchedBrowsers []Browser
 err = json.NewDecoder(rsp.Body).Decode(&fetchedBrowsers)
 AssertThat(t, err, Is{nil})
- AssertThat(t, fetchedBrowsers, EqualTo{browsers.Browsers})
+
+ browsersWithoutCredentials := []Browser{
+ {Name: "browser", DefaultVersion: "1.0", Versions: []Version{
+ {Number: "1.0", Regions: []Region{
+ {Hosts: Hosts{
+ Host{Name: "example.com", Port: 4444, Count: 1, Username: "", Password: ""},
+ }},
+ }},
+ }}}
+ AssertThat(t, fetchedBrowsers, EqualTo{browsersWithoutCredentials})
 }
 
 func TestProxyScreenVNCProtocol(t *testing.T) {
@@ -1453,4 +1461,4 @@ func TestFileExists(t *testing.T) {
 f, err := ioutil.TempFile(tmpDir, "testfile")
 AssertThat(t, err, Is{nil})
 AssertThat(t, fileExists(f.Name()), Is{true})
-}
\ No newline at end of file
+}
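Review bot: TestGetQuotaInfo asserts only the decoded response against `browsersWithoutCredentials`, so it cannot tell whether the credentials were stripped from the response alone or also from the quota the proxy keeps using. After the final `AssertThat`, add an assertion that the host entry installed for this test still carries its original `Username` and `Password`; the lines that install the fixture lie between the two hunks and are not visible, so the exact expression depends on them. It is also worth confirming that the fixture's host sets non-empty credentials, otherwise the new expectation would pass without the stripping code.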