diff options
author | Kinsey Moore <kmoore@digium.com> | 2013-11-22 20:10:46 +0000 |
---|---|---|
committer | Kinsey Moore <kmoore@digium.com> | 2013-11-22 20:10:46 +0000 |
commit | d9015a5356dfff70ce15ed2ea5726325de71d9e3 (patch) | |
tree | b4b253dcc96a4cbc27f54ee294dae45264e12dbb /res/ari | |
parent | 1c45a32ee861fa427e0243abe03c729966fa4436 (diff) |
ARI: Don't leak implementation details
This change prevents channels used as implementation details from
leaking out to ARI. It does this by preventing creation of JSON blobs
of channel snapshots created from those channels and sanitizing JSON
blobs of bridge snapshots as they are created. This introduces a
framework for excluding information from output targeted at Stasis
applications on a consumer-by-consumer basis using channel sanitization
callbacks which could be extended to bridges or endpoints if necessary.
This prevents unhelpful error messages from being generated by
ast_json_pack.
This also corrects a bug where BridgeCreated events would not be
created.
(closes issue ASTERISK-22744)
Review: https://reviewboard.asterisk.org/r/2987/
Reported by: David M. Lee
........
Merged revisions 403069 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403070 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res/ari')
-rw-r--r-- | res/ari/resource_bridges.c | 8 | ||||
-rw-r--r-- | res/ari/resource_channels.c | 22 | ||||
-rw-r--r-- | res/ari/resource_endpoints.c | 22 |
3 files changed, 39 insertions, 13 deletions
diff --git a/res/ari/resource_bridges.c b/res/ari/resource_bridges.c index 7c4fed29b..e09bea6b5 100644 --- a/res/ari/resource_bridges.c +++ b/res/ari/resource_bridges.c @@ -605,7 +605,7 @@ void ast_ari_bridges_get(struct ast_variable *headers, } ast_ari_response_ok(response, - ast_bridge_snapshot_to_json(snapshot)); + ast_bridge_snapshot_to_json(snapshot, stasis_app_get_sanitizer())); } void ast_ari_bridges_destroy(struct ast_variable *headers, @@ -656,7 +656,9 @@ void ast_ari_bridges_list(struct ast_variable *headers, while ((obj = ao2_iterator_next(&i))) { RAII_VAR(struct stasis_message *, msg, obj, ao2_cleanup); struct ast_bridge_snapshot *snapshot = stasis_message_data(msg); - if (ast_json_array_append(json, ast_bridge_snapshot_to_json(snapshot))) { + struct ast_json *json_bridge = ast_bridge_snapshot_to_json(snapshot, stasis_app_get_sanitizer()); + + if (!json_bridge || ast_json_array_append(json, json_bridge)) { ast_ari_response_alloc_failed(response); return; } @@ -689,5 +691,5 @@ void ast_ari_bridges_create(struct ast_variable *headers, } ast_ari_response_ok(response, - ast_bridge_snapshot_to_json(snapshot)); + ast_bridge_snapshot_to_json(snapshot, stasis_app_get_sanitizer())); } diff --git a/res/ari/resource_channels.c b/res/ari/resource_channels.c index dc0058fa5..75d56d924 100644 --- a/res/ari/resource_channels.c +++ b/res/ari/resource_channels.c @@ -593,7 +593,7 @@ void ast_ari_channels_get(struct ast_variable *headers, ast_assert(snapshot != NULL); ast_ari_response_ok(response, - ast_channel_snapshot_to_json(snapshot)); + ast_channel_snapshot_to_json(snapshot, NULL)); } void ast_ari_channels_hangup(struct ast_variable *headers, @@ -639,6 +639,7 @@ void ast_ari_channels_list(struct ast_variable *headers, RAII_VAR(struct ast_json *, json, NULL, ast_json_unref); struct ao2_iterator i; void *obj; + struct stasis_message_sanitizer *sanitize = stasis_app_get_sanitizer(); cache = ast_channel_cache(); if (!cache) { @@ -661,14 +662,23 @@ void ast_ari_channels_list(struct ast_variable *headers, return; } - i = ao2_iterator_init(snapshots, 0); - while ((obj = ao2_iterator_next(&i))) { + for (i = ao2_iterator_init(snapshots, 0); + (obj = ao2_iterator_next(&i)); ao2_cleanup(obj)) { RAII_VAR(struct stasis_message *, msg, obj, ao2_cleanup); struct ast_channel_snapshot *snapshot = stasis_message_data(msg); - int r = ast_json_array_append( - json, ast_channel_snapshot_to_json(snapshot)); + int r; + + if (sanitize && sanitize->channel_snapshot + && sanitize->channel_snapshot(snapshot)) { + continue; + } + + r = ast_json_array_append( + json, ast_channel_snapshot_to_json(snapshot, NULL)); if (r != 0) { ast_ari_response_alloc_failed(response); + ao2_cleanup(obj); + ao2_iterator_destroy(&i); return; } } @@ -769,7 +779,7 @@ void ast_ari_channels_originate(struct ast_variable *headers, stasis_app_subscribe(args->app, uris, 1, NULL); } - ast_ari_response_ok(response, ast_channel_snapshot_to_json(snapshot)); + ast_ari_response_ok(response, ast_channel_snapshot_to_json(snapshot, NULL)); ast_channel_unref(chan); } diff --git a/res/ari/resource_endpoints.c b/res/ari/resource_endpoints.c index 14f9e0576..c37f4968e 100644 --- a/res/ari/resource_endpoints.c +++ b/res/ari/resource_endpoints.c @@ -31,6 +31,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/astobj2.h" #include "asterisk/stasis.h" +#include "asterisk/stasis_app.h" #include "asterisk/stasis_endpoints.h" #include "asterisk/channel.h" @@ -69,8 +70,15 @@ void ast_ari_endpoints_list(struct ast_variable *headers, while ((obj = ao2_iterator_next(&i))) { RAII_VAR(struct stasis_message *, msg, obj, ao2_cleanup); struct ast_endpoint_snapshot *snapshot = stasis_message_data(msg); - int r = ast_json_array_append( - json, ast_endpoint_snapshot_to_json(snapshot)); + struct ast_json *json_endpoint = ast_endpoint_snapshot_to_json(snapshot, stasis_app_get_sanitizer()); + int r; + + if (!json_endpoint) { + return; + } + + r = ast_json_array_append( + json, json_endpoint); if (r != 0) { ast_ari_response_alloc_failed(response); return; @@ -121,14 +129,20 @@ void ast_ari_endpoints_list_by_tech(struct ast_variable *headers, while ((obj = ao2_iterator_next(&i))) { RAII_VAR(struct stasis_message *, msg, obj, ao2_cleanup); struct ast_endpoint_snapshot *snapshot = stasis_message_data(msg); + struct ast_json *json_endpoint; int r; if (strcasecmp(args->tech, snapshot->tech) != 0) { continue; } + json_endpoint = ast_endpoint_snapshot_to_json(snapshot, stasis_app_get_sanitizer()); + if (!json_endpoint) { + continue; + } + r = ast_json_array_append( - json, ast_endpoint_snapshot_to_json(snapshot)); + json, json_endpoint); if (r != 0) { ast_ari_response_alloc_failed(response); return; @@ -151,7 +165,7 @@ void ast_ari_endpoints_get(struct ast_variable *headers, return; } - json = ast_endpoint_snapshot_to_json(snapshot); + json = ast_endpoint_snapshot_to_json(snapshot, stasis_app_get_sanitizer()); if (!json) { ast_ari_response_alloc_failed(response); return; |