From 2fedfa1b4c19ced90b5eb21a129e1c0deddf2a66 Mon Sep 17 00:00:00 2001
From: jf-cbd
Date: Wed, 5 Mar 2025 14:35:51 +0100
Subject: [PATCH] WIP

---
 core/restservices.class.inc.php               | 31 ++++--
 .../core/Delta/delta_test_sanitize_output.xml | 101 +++++++++++++++++-
 .../core/RestServicesSanitizeOutputTest.php   | 69 +++++++++---
 3 files changed, 176 insertions(+), 25 deletions(-)

diff --git a/core/restservices.class.inc.php b/core/restservices.class.inc.php
index f8ec5efa6..cf12b9a4f 100644
--- a/core/restservices.class.inc.php
+++ b/core/restservices.class.inc.php
@@ -134,10 +134,7 @@ public function SanitizeContent()
             } catch (Exception $e) { // for special cases like ID
                 continue;
             }
-            if ($oAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
-            {
                 $this->SanitizeFieldIfSensitive($this->fields, $sFieldAttCode, $fieldValue, $oAttDef);
-            }
         }
     }
 }
@@ -870,11 +867,13 @@ trait SanitizeTrait
      */
     private function SanitizeFieldIfSensitive(array &$fields, string $sFieldAttCode, $fieldValue, $oAttDef): void
     {
+        // for simple attribute
         if ($oAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
         {
             $fields[$sFieldAttCode] = '*****';
         }
-        if ($oAttDef instanceof AttributeLinkedSet) { // for 1-n relations
+        // for 1-n relations
+        if ($oAttDef instanceof AttributeLinkedSet) {
             foreach ($fieldValue as $i => $aLnkValues) {
                 foreach ($aLnkValues as $sLnkAttCode => $sLnkValue) {
                     $oLnkAttDef = MetaModel::GetAttributeDef($oAttDef->GetLinkedClass(), $sLnkAttCode);
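Review bot: With the `instanceof iAttributeNoGroupBy` guard removed, `SanitizeFieldIfSensitive` now runs for every field, and the `MetaModel::GetAttributeDef` lookups it performs for link sets, external keys and external fields happen outside the `try`/`catch` that shields the caller's own lookup three lines above. If any of those lookups throws the way the caller already expects for "special cases like ID", the whole `SanitizeContent` run aborts instead of skipping that one field, so either move the call inside the `try` or catch inside the helper and skip the field. The enclosing `SanitizeContent` starts before this hunk.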
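Review bot: `$fieldValue` and `$oAttDef` are the only untyped parameters of `SanitizeFieldIfSensitive`, and the new `// for 1-n relations` branch hands `$fieldValue` straight to `foreach`, which in PHP 8 emits a warning and skips the loop when the value is not an array. A cheap guard is `if ($oAttDef instanceof AttributeLinkedSet && is_array($fieldValue)) {`, and the docblock that ends at the ` */` context line (it starts outside the hunk) should state the shape the loops assume: a scalar for simple attributes and, for link sets, a list of rows keyed by link attribute code. Typing `$oAttDef` with the project's attribute-definition base class would also let static analysis check the `instanceof` chains.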
@@ -885,20 +884,32 @@ trait SanitizeTrait
                 }
             }
         }
-        if ($oAttDef instanceof AttributeLinkedSetIndirect) { // for n-n relations
+        // for n-n relations
+        if ($oAttDef instanceof AttributeLinkedSetIndirect) {
+            $extKeyToRemote = $oAttDef->GetExtKeyToRemote();
             foreach ($fieldValue as $i => $aLnkValues) {
                 foreach ($aLnkValues as $sLnkAttCode => $sLnkValue) {
-                    $oLnkAttDef = MetaModel::GetAttributeDef($oAttDef->GetLinkedClass(), $sLnkAttCode);
-                    if ($oLnkAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
-                    {
-                        $fields[$sFieldAttCode][$i][$sLnkAttCode] = '*****';
+                    if ($sLnkAttCode == $extKeyToRemote) {
+                        $oExtKeyAttDef = MetaModel::GetAttributeDef($oAttDef->GetLinkedClass(), $oAttDef->GetExtKeyToRemote());
+                        if ($oExtKeyAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
+                        {
+                            $fields[$sFieldAttCode][$i][$sLnkAttCode] = '*****';
+                        }
                     }
                 }
             }
         }
         // for external key
         if ($oAttDef instanceof AttributeExternalKey) {
-            $oExtKeyAttDef = MetaModel::GetAttributeDef($oAttDef->GetTargetClass(), $oAttDef->GetCode());
+            $oExtKeyAttDef = MetaModel::GetAttributeDef($oAttDef->GetTargetClass(), $oAttDef->GetKeyAttCode());
+            if ($oExtKeyAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
+            {
+                $fields[$sFieldAttCode] = '*****';
+            }
+        }
+        // for external field
+        if ($oAttDef instanceof AttributeExternalField) {
+            $oExtKeyAttDef = MetaModel::GetAttributeDef($oAttDef->GetTargetClass(), $oAttDef->GetExtAttCode());
             if ($oExtKeyAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
             {
                 $fields[$sFieldAttCode] = '*****';
diff --git a/tests/php-unit-tests/unitary-tests/core/Delta/delta_test_sanitize_output.xml b/tests/php-unit-tests/unitary-tests/core/Delta/delta_test_sanitize_output.xml
index 2465f3548..2961a77f7 100644
--- a/tests/php-unit-tests/unitary-tests/core/Delta/delta_test_sanitize_output.xml
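Review bot: The rewritten n-n branch only looks at the link attribute whose code equals `GetExtKeyToRemote()`, so the per-attribute `iAttributeNoGroupBy` check that the removed lines applied to every column of a link row is gone and a sensitive attribute carried by the link class itself is no longer masked; unless an external-key definition implements `iAttributeNoGroupBy` — nothing visible suggests it does — the new `$oExtKeyAttDef instanceof` test never fires and the branch masks nothing. A more robust shape is to classify each link column with the same logic as a top-level field, i.e. replace the body of the inner loop with `$oLnkAttDef = MetaModel::GetAttributeDef($oAttDef->GetLinkedClass(), $sLnkAttCode);` followed by `$this->SanitizeFieldIfSensitive($fields[$sFieldAttCode][$i], $sLnkAttCode, $sLnkValue, $oLnkAttDef);`, which masks plain, external-field and external-key columns of a row through the branches below (the 1-n branch in the previous hunk could use the same two lines). Within the kept code, `$sLnkAttCode == $extKeyToRemote` should be `===`, the hoisted `$extKeyToRemote` is then ignored in favour of a second `GetExtKeyToRemote()` call, and the name lacks the `$s` prefix the rest of the method uses. In the external-key branch, `GetTargetClass()` combined with `GetKeyAttCode()` resolves an attribute on the target class by the key's own code; if that returns the same value as the replaced `GetCode()`, the lookup still names an attribute the target class need not define, so the comment should state which attribute the branch is meant to inspect.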
+++ b/tests/php-unit-tests/unitary-tests/core/Delta/delta_test_sanitize_output.xml @@ -1,10 +1,105 @@ - + + cmdbAbstractObject + + bizmodel + false + autoincrement + test_server + id + + - - encrypted_string + + lnkContactTestToServer + testserver_id + contact_test_id + true + + + PasswordTest + server_test_id + true + + + name + + false + + + + + + + cmdbAbstractObject + + bizmodel + false + autoincrement + contact_test + id + + + + + + password + + + + + + + cmdbAbstractObject + + bizmodel + false + autoincrement + lnk_contact_server_test + id + + + + + contact_test_id + password + + + TestServer + DEL_MANUAL + test_server + false + + + + ContactTest + DEL_MANUAL + contact_test + false + + + + + + cmdbAbstractObject + + bizmodel + false + autoincrement + password_test + id + + + + + TestServer + server_test_id + DEL_MANUAL + + + password diff --git a/tests/php-unit-tests/unitary-tests/core/RestServicesSanitizeOutputTest.php b/tests/php-unit-tests/unitary-tests/core/RestServicesSanitizeOutputTest.php index 30d809887..8ebaf7ba2 100644 --- a/tests/php-unit-tests/unitary-tests/core/RestServicesSanitizeOutputTest.php +++ b/tests/php-unit-tests/unitary-tests/core/RestServicesSanitizeOutputTest.php @@ -20,7 +20,8 @@ namespace Combodo\iTop\Test\UnitTest\Core; use Combodo\iTop\Test\UnitTest\ItopCustomDatamodelTestCase; -use Group; +use MetaModel; +use PasswordTest; /** * @runTestsInSeparateProcesses 
@@ -29,23 +30,67 @@ use Group;
  */
 class RestServicesSanitizeOutputTest extends iTopCustomDatamodelTestCase
 {
-    public function setUp(): void
+    public function testSanitizeJsonOutputOnSimpleAttribute()
     {
-        parent::setUp();
-    }
-
-
-    public function testSanitizeJsonOutput()
-    {
-        $oGroup = new Group();
-        $oGroup->Set('encrypted_string', "123456");
+        // inserer en base ?
+        // insererer contact list ?
+        // requeter des champs qui ne s'affichent pas
+        $oContactTest = MetaModel::NewObject('ContactTest', array(
+            'password' => '123456'));
         $oRestResultWithObject = new \RestResultWithObjects();
-        $oRestResultWithObject->AddObject(0, "ok", $oGroup, ['Group' => ['encrypted_string']]);
+        $oRestResultWithObject->AddObject(0, "ok", $oContactTest, ['ContactTest' => ['password']]);
         $oRestResultWithObject->SanitizeContent();
-        $this->assertEquals('{"objects":{"Group::-1":{"code":0,"message":"ok","class":"Group","key":-1,"fields":{"encrypted_string":"*****"}}},"code":0,"message":null}', json_encode($oRestResultWithObject));
+        $this->assertEquals(
+            '{"objects":{"ContactTest::-1":{"code":0,"message":"ok","class":"ContactTest","key":-1,"fields":{"password":"*****"}}},"code":0,"message":null}',
+            json_encode($oRestResultWithObject));
     }
 
 
+    public function testSanitizeJsonOutputAttributeExternalKeyOnNNRelation()
+    {
+        $oContactTest = $this->CreateObject('ContactTest', array(
+            'password' => '123456'));
+        $oTestServer = $this->CreateObject('TestServer', [
+            'name' => 'testserver',
+        ]);
+
+
+        // create lnkContactTestToServer
+        $oLnkContactTestToServer = $this->CreateObject('lnkContactTestToServer', array(
+            'contact_test_id' => $oContactTest->GetKey(),
+            'testserver_id' => $oTestServer->GetKey()
+        ));
+
+        $oRestResultWithObject = new \RestResultWithObjects();
+        $oRestResultWithObject->AddObject(0, "ok", $oLnkContactTestToServer,
+            ['lnkContactTestToServer' => ['contact_test_password']]);
+
+        $oRestResultWithObject->SanitizeContent();
+        $this->assertEquals(
+            '{"objects":{"}',
+            json_encode($oRestResultWithObject));
+    }
+
+    public function testSanitizeJsonOutputOn1NRelation()
+    {
+        // Impossible to query the class
+        $oTestServer = $this->CreateObject('TestServer', [
+            'name' => 'my_server',
+        ]);
+
+        $oPassword = new PasswordTest();
+        $oPassword->Set('password', "123456");
+        $oPassword->Set('server_test_id', $oTestServer->GetKey());
+
+
+        $oRestResultWithObject = new \RestResultWithObjects();
+        $oRestResultWithObject->AddObject(0, "ok", $oTestServer, ['TestServer' => ['id', 'password_list']]);
+        $oRestResultWithObject->SanitizeContent();
+        $this->assertEquals(
+            '{"objects":{"TestServer::-1":{"code":0,"message":"ok","class":"TestServer","key":-1,"fields":{"password_list":["*****"]}}},"code":0,"message":null}',
+            json_encode($oRestResultWithObject));
+
+    }
 
     public function GetDatamodelDeltaAbsPath(): string
     {
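Review bot: `testSanitizeJsonOutputAttributeExternalKeyOnNNRelation` compares the output with `'{"objects":{"}'`, a truncated literal that no `json_encode` result can equal, so the test fails as written and needs the full expected document like the other two tests. In `testSanitizeJsonOutputOn1NRelation`, `$oPassword` is created with `new PasswordTest()` and two `Set` calls but never persisted (the surrounding fixtures go through `$this->CreateObject`), so unless `password_list` is filled some other way the `["*****"]` expectation is hard to reach; the same assertion expects `"key":-1` for a `TestServer` that `CreateObject` presumably inserted, and drops the `id` it requested from `fields`. Before merge, the three French comments starting with `// inserer en base ?` should be English or removed, the new test methods should declare `: void` as the removed `setUp` did, and `array(` should become `[` as used a few lines further down. `GetDatamodelDeltaAbsPath` continues outside the hunk.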