admin/milvus
1
0
Fork 0
mirror of https://gitee.com/milvus-io/milvus.git synced 2025-12-07 09:38:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: Hide sensitive items for restful get configs (#44057)

Browse Source 
issue:https://github.com/milvus-io/milvus/issues/44065

Signed-off-by: yhmo <yihua.mo@zilliz.com>
This commit is contained in:
groot 2025-08-27 11:09:52 +08:00 committed by GitHub
parent 208a345a3d
commit 55b24b7a78
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
internal/proxy/http_req_impl.go
View File

@ -46,9 +46,27 @@ var (
httpDBName = "db_name" httpDBName = "db_name"
HTTPCollectionName = "collection_name" HTTPCollectionName = "collection_name"
UnknownData = "unknown" UnknownData = "unknown"
sensitiveKeys = []string{"secretaccesskey", "secret_access_key", "password"}
) )
func hideSensitive(configs map[string]string) {
checkFunc := func(key string) bool {
for _, sensitive := range sensitiveKeys {
if strings.Contains(strings.ToLower(key), sensitive) {
return true
}
}
return false
}
for key := range configs {
if checkFunc(key) {
configs[key] = "*****"
}
}
}
func getConfigs(configs map[string]string) gin.HandlerFunc { func getConfigs(configs map[string]string) gin.HandlerFunc {
hideSensitive(configs)
return func(c *gin.Context) { return func(c *gin.Context) {
bs, err := json.Marshal(configs) bs, err := json.Marshal(configs)
if err != nil { if err != nil {

35
internal/proxy/http_req_impl_test.go
View File

@ -4,6 +4,7 @@ import (
"context" "context"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings"
"testing" "testing"
"github.com/cockroachdb/errors" "github.com/cockroachdb/errors"
@ -21,6 +22,40 @@ import (
"github.com/milvus-io/milvus/pkg/v2/util/paramtable" "github.com/milvus-io/milvus/pkg/v2/util/paramtable"
) )
func TestHideSensitive(t *testing.T) {
configs := map[string]string{
"dummy": "ok",
"MyPassword": "123456",
"your_secret_access_Key": "ABCD",
"Foo": "password",
"SECRETACCESSKEY2": "XXX",
"minio.secretAccessKey": "secretAccessKey",
"common.security.defaultRootPassword": "milvus",
}
copiedConfigs := make(map[string]string)
for k, v := range configs {
copiedConfigs[k] = v
}
hideSensitive(configs)
for k := range copiedConfigs {
assert.Contains(t, configs, k)
}
for k, v := range configs {
contains := false
for _, sensitive := range sensitiveKeys {
if strings.Contains(strings.ToLower(k), sensitive) {
assert.Equal(t, v, "*****")
contains = true
break
}
}
if !contains {
assert.Equal(t, v, copiedConfigs[k])
}
}
}
func TestGetConfigs(t *testing.T) { func TestGetConfigs(t *testing.T) {
w := httptest.NewRecorder() w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w) c, _ := gin.CreateTestContext(w)