This GEM prints your API to json in the responses - example below #303

Open
kairos0ne opened this issue Oct 2, 2018 · 1 comment
Labels
Feature New features that do not exist


@kairos0ne

I've got this gem working with JIRA CLOUD REST API. However, I notice that the JSON response includes the client and all its options, including our API key.

That's a massive security issue for us... I've provided an example of the response that comes back for client.Projects.all. If you are intending to address this, we are more than happy to assist in the development changes required to ensure no tokens/passwords are either printed to logs or provided on any responses. It's a real shame because it would be a really nice little Gem otherwise.

```json
{
  "client": {
    "options": {
      "site": "https://monochrome-development.atlassian.net/",
      "context_path": "",
      "rest_base_path": "/rest/api/3",
      "ssl_verify_mode": 1,
      "use_ssl": true,
      "use_client_cert": false,
      "auth_type": "basic",
      "http_debug": false,
      "username": "[email protected]",
      "password": "REDACTED"
    },
    "request_client": {
      "options": {
        "username": "[email protected]",
        "password": "REDACTED",
        "site": "https://monochrome-development.atlassian.net/",
        "context_path": "",
        "rest_base_path": "/rest/api/3",
        "ssl_verify_mode": 1,
        "use_ssl": true,
        "use_client_cert": false,
        "auth_type": "basic",
        "http_debug": false
      },
      "cookies": {},
      "authenticated": true
    },
    "http_debug": false,
    "cache": { "table": {} }
  },
  "attrs": {
    "expand": "description,lead,issueTypes,url,projectKeys",
    "self": "https://monochrome-development.atlassian.net/rest/api/3/project/10014",
    "id": "10014",
    "key": "CAD",
    "name": "Cadbury",
    "avatarUrls": {
      "48x48": "https://monochrome-development.atlassian.net/secure/projectavatar?avatarId=10324",
      "24x24": "https://monochrome-development.atlassian.net/secure/projectavatar?size=small&avatarId=10324",
      "16x16": "https://monochrome-development.atlassian.net/secure/projectavatar?size=xsmall&avatarId=10324",
      "32x32": "https://monochrome-development.atlassian.net/secure/projectavatar?size=medium&avatarId=10324"
    },
    "projectTypeKey": "software",
    "simplified": false
  },
  "expanded": false,
  "deleted": false
},
```

@bobbrodie
Member

It would definitely be great to obfuscate or remove specific fields on their way back, similar to how Rails can remove specific request params when they're made.

I think we should make it configurable, with specific fields configured by default in the config file.

@bobbrodie bobbrodie added the Feature New features that do not exist label Oct 18, 2018
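The leak reported above and the configurable filtering suggested in the reply, as an added example that is not part of the thread and is not jira-ruby code. `DemoClient`, `DemoProject`, `naive_dump`, `redact`, `safe_json` and the `SENSITIVE_KEYS` default are hypothetical names and values chosen for illustration, and the credential is constructed.

```ruby
require 'json'

# Constructed stand-ins, not jira-ruby classes: a client that holds credentials
# and a resource that keeps a reference to it, like the response in the issue.
class DemoClient
  def initialize(options); @options = options; end
end

class DemoProject
  attr_reader :attrs
  def initialize(client, attrs)
    @client, @attrs, @expanded, @deleted = client, attrs, false, false
  end
end

# Mimics a serializer that walks every instance variable (the shape of the leak).
def naive_dump(obj)
  case obj
  when Hash  then obj.to_h { |k, v| [k.to_s, naive_dump(v)] }
  when Array then obj.map { |v| naive_dump(v) }
  when String, Numeric, true, false, nil then obj
  else
    obj.instance_variables.to_h do |iv|
      [iv.to_s.delete('@'), naive_dump(obj.instance_variable_get(iv))]
    end
  end
end

# Configurable key filter; this default list is an assumption for the example.
SENSITIVE_KEYS = /password|token|secret|api_key|private_key/i
def redact(value, pattern = SENSITIVE_KEYS)
  case value
  when Hash
    value.to_h { |k, v| [k, k.to_s.match?(pattern) ? '[FILTERED]' : redact(v, pattern)] }
  when Array then value.map { |v| redact(v, pattern) }
  else value
  end
end

# Safe response body: only the resource's own attributes, never the client.
def safe_json(project)
  JSON.generate(redact(project.attrs))
end

CLIENT  = DemoClient.new(site: 'https://example.invalid/', password: 'constructed-secret')
PROJECT = DemoProject.new(CLIENT, 'id' => '10014', 'key' => 'CAD', 'name' => 'Cadbury')
puts JSON.generate(naive_dump(PROJECT))          # leaks the password
puts JSON.generate(redact(naive_dump(PROJECT)))  # password masked
puts safe_json(PROJECT)                          # client omitted entirely
```

Masking by key name is a backstop for logs and debug output; returning only the resource attributes keeps the client object out of the response regardless of which option names it uses.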