From 9912897170fb52c25a13b1dd5524f505e3d36cc6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 16 Jan 2024 11:55:54 +0100 Subject: json: replace JSON_FORMAT_REFUSE_SENSITIVE with JSON_FORMAT_CENSOR_SENSITIVE Previously, the flag would completely refuse formatting a JSON object if any field of it was marked sensitive. With this change we'll simply replace the subobject with the string "", and show everything else. This is tremendously useful when debugging, since it means that we can again trace varlink calls through the stack: we can show all the message metadata and just suppress the actually sensitive parameters. The ability to debug this matters, and we should not hide more information that we can get away with, to keep things debuggable and maintainable. --- src/test/test-json.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) (limited to 'src/test/test-json.c') diff --git a/src/test/test-json.c b/src/test/test-json.c index 333fbe6cf2..cb0adc2643 100644 --- a/src/test/test-json.c +++ b/src/test/test-json.c @@ -107,9 +107,9 @@ static void test_variant_one(const char *data, Test test) { assert_se(json_variant_equal(v, w)); s = mfree(s); - r = json_variant_format(w, JSON_FORMAT_REFUSE_SENSITIVE, &s); - assert_se(r == -EPERM); - assert_se(!s); + r = json_variant_format(w, JSON_FORMAT_CENSOR_SENSITIVE, &s); + assert_se(s); + assert_se(streq_ptr(s, "\"\"")); s = mfree(s); r = json_variant_format(w, JSON_FORMAT_PRETTY, &s); @@ -886,10 +886,11 @@ TEST(json_sensitive) { json_variant_sensitive(a); - assert_se(json_variant_format(a, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM); - assert_se(!s); + assert_se(json_variant_format(a, JSON_FORMAT_CENSOR_SENSITIVE, &s) >= 0); + assert_se(streq_ptr(s, "\"\"")); + s = mfree(s); - r = json_variant_format(b, JSON_FORMAT_REFUSE_SENSITIVE, &s); + r = json_variant_format(b, JSON_FORMAT_CENSOR_SENSITIVE, &s); assert_se(r >= 0); assert_se(s); assert_se((size_t) r == strlen(s)); @@ -901,7 +902,7 @@ TEST(json_sensitive) { JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0); json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL); - r = json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s); + r = json_variant_format(v, JSON_FORMAT_CENSOR_SENSITIVE, &s); assert_se(r >= 0); assert_se(s); assert_se((size_t) r == strlen(s)); @@ -915,7 +916,7 @@ TEST(json_sensitive) { JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0); json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL); - r = json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s); + r = json_variant_format(v, JSON_FORMAT_CENSOR_SENSITIVE, &s); assert_se(r >= 0); assert_se(s); assert_se((size_t) r == strlen(s)); @@ -930,8 +931,9 @@ TEST(json_sensitive) { JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0); json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL); - assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM); - assert_se(!s); + assert_se(json_variant_format(v, JSON_FORMAT_CENSOR_SENSITIVE, &s) >= 0); + assert_se(streq_ptr(s, "{\"b\":[\"foo\",\"bar\",\"baz\",\"qux\"],\"a\":\"\",\"c\":-9223372036854775808,\"d\":\"-9223372036854775808\",\"e\":{}}")); + s = mfree(s); v = json_variant_unref(v); assert_se(json_build(&v, JSON_BUILD_OBJECT( @@ -942,8 +944,9 @@ TEST(json_sensitive) { JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0); json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL); - assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM); - assert_se(!s); + assert_se(json_variant_format(v, JSON_FORMAT_CENSOR_SENSITIVE, &s) >= 0); + assert_se(streq_ptr(s, "{\"b\":[\"foo\",\"bar\",\"baz\",\"qux\"],\"c\":-9223372036854775808,\"a\":\"\",\"d\":\"-9223372036854775808\",\"e\":{}}")); + s = mfree(s); v = json_variant_unref(v); assert_se(json_build(&v, JSON_BUILD_OBJECT( @@ -954,8 +957,9 @@ TEST(json_sensitive) { JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0); json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL); - assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM); - assert_se(!s); + assert_se(json_variant_format(v, JSON_FORMAT_CENSOR_SENSITIVE, &s) >= 0); + assert_se(streq_ptr(s, "{\"b\":[\"foo\",\"bar\",\"baz\",\"qux\"],\"c\":-9223372036854775808,\"d\":\"-9223372036854775808\",\"a\":\"\",\"e\":{}}")); + s = mfree(s); v = json_variant_unref(v); assert_se(json_build(&v, JSON_BUILD_OBJECT( @@ -966,8 +970,8 @@ TEST(json_sensitive) { JSON_BUILD_PAIR_VARIANT("a", a))) >= 0); json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL); - assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM); - assert_se(!s); + assert_se(json_variant_format(v, JSON_FORMAT_CENSOR_SENSITIVE, &s) >= 0); + assert_se(streq_ptr(s, "{\"b\":[\"foo\",\"bar\",\"baz\",\"qux\"],\"c\":-9223372036854775808,\"d\":\"-9223372036854775808\",\"e\":{},\"a\":\"\"}")); } TEST(json_iovec) { -- cgit v1.2.3