Skip to content
This repository was archived by the owner on Sep 30, 2024. It is now read-only.

Fix issues with commenting out redacted site config fields.#53152

Merged
pjlast merged 4 commits into
mainfrom
pjlast/fix-config-redaction-unredaction
Jun 8, 2023
Merged

Fix issues with commenting out redacted site config fields.#53152
pjlast merged 4 commits into
mainfrom
pjlast/fix-config-redaction-unredaction

Conversation

@pjlast

@pjlast pjlast commented Jun 8, 2023

Copy link
Copy Markdown
Contributor

Site config reads used to be done with the gjson library, but the gjson library does not understand the jsonc format. So it returns fields even if they are commented out.

This PR changes the RedactSecrets and UnredactSecrets functions to use the jsonc library to do reads instead, which understands fields that are commented out.

Test plan

Manual verification and tests should still be passing.

@cla-bot cla-bot Bot added the cla-signed label Jun 8, 2023
@pjlast pjlast requested review from a team and eseliger June 8, 2023 11:21
indradhanush
indradhanush approved these changes Jun 8, 2023
View reviewed changes

@indradhanush indradhanush left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Took a cursory look at this, not finding anything unusual. Is it possible to add a test for this?

sashaostrikov
sashaostrikov approved these changes Jun 8, 2023
View reviewed changes

@sashaostrikov sashaostrikov left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix!

eseliger
eseliger approved these changes Jun 8, 2023
View reviewed changes

@eseliger eseliger left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we add a test for that?

@pjlast pjlast enabled auto-merge (squash) June 8, 2023 14:10
@pjlast pjlast merged commit 64cb4b7 into main Jun 8, 2023
@pjlast pjlast deleted the pjlast/fix-config-redaction-unredaction branch June 8, 2023 14:24
indradhanush
indradhanush reviewed Jun 8, 2023
View reviewed changes
Comment thread internal/conf/validate_test.go
}`

want := `{
// "executors.accessToken": "supersecret",

@indradhanush indradhanush Jun 8, 2023

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that I see the test it makes me think that isn't this a security risk? Don't we want to be able to redact them as well? I'm thinking from a user's perspective that is used to secrets being redacted on Sourcegraph, it could come up as a surprise if they saw a token in the open when they commented it out. 🤔

ErikaRS pushed a commit that referenced this pull request Jun 22, 2023
@pjlast @ErikaRS
Fix issues with commenting out redacted site config fields. (#53152)
258fbb5
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@indradhanush indradhanush indradhanush approved these changes

@eseliger eseliger eseliger approved these changes

@sashaostrikov sashaostrikov sashaostrikov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pjlast @indradhanush @eseliger @sashaostrikov