From d9015a5356dfff70ce15ed2ea5726325de71d9e3 Mon Sep 17 00:00:00 2001 From: Kinsey Moore Date: Fri, 22 Nov 2013 20:10:46 +0000 Subject: ARI: Don't leak implementation details This change prevents channels used as implementation details from leaking out to ARI. It does this by preventing creation of JSON blobs of channel snapshots created from those channels and sanitizing JSON blobs of bridge snapshots as they are created. This introduces a framework for excluding information from output targeted at Stasis applications on a consumer-by-consumer basis using channel sanitization callbacks which could be extended to bridges or endpoints if necessary. This prevents unhelpful error messages from being generated by ast_json_pack. This also corrects a bug where BridgeCreated events would not be created. (closes issue ASTERISK-22744) Review: https://reviewboard.asterisk.org/r/2987/ Reported by: David M. Lee ........ Merged revisions 403069 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403070 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- res/ari/resource_channels.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'res/ari/resource_channels.c') diff --git a/res/ari/resource_channels.c b/res/ari/resource_channels.c index dc0058fa5..75d56d924 100644 --- a/res/ari/resource_channels.c +++ b/res/ari/resource_channels.c @@ -593,7 +593,7 @@ void ast_ari_channels_get(struct ast_variable *headers, ast_assert(snapshot != NULL); ast_ari_response_ok(response, - ast_channel_snapshot_to_json(snapshot)); + ast_channel_snapshot_to_json(snapshot, NULL)); } void ast_ari_channels_hangup(struct ast_variable *headers, @@ -639,6 +639,7 @@ void ast_ari_channels_list(struct ast_variable *headers, RAII_VAR(struct ast_json *, json, NULL, ast_json_unref); struct ao2_iterator i; void *obj; + struct stasis_message_sanitizer *sanitize = stasis_app_get_sanitizer(); cache = ast_channel_cache(); if (!cache) { @@ -661,14 +662,23 @@ void ast_ari_channels_list(struct ast_variable *headers, return; } - i = ao2_iterator_init(snapshots, 0); - while ((obj = ao2_iterator_next(&i))) { + for (i = ao2_iterator_init(snapshots, 0); + (obj = ao2_iterator_next(&i)); ao2_cleanup(obj)) { RAII_VAR(struct stasis_message *, msg, obj, ao2_cleanup); struct ast_channel_snapshot *snapshot = stasis_message_data(msg); - int r = ast_json_array_append( - json, ast_channel_snapshot_to_json(snapshot)); + int r; + + if (sanitize && sanitize->channel_snapshot + && sanitize->channel_snapshot(snapshot)) { + continue; + } + + r = ast_json_array_append( + json, ast_channel_snapshot_to_json(snapshot, NULL)); if (r != 0) { ast_ari_response_alloc_failed(response); + ao2_cleanup(obj); + ao2_iterator_destroy(&i); return; } } @@ -769,7 +779,7 @@ void ast_ari_channels_originate(struct ast_variable *headers, stasis_app_subscribe(args->app, uris, 1, NULL); } - ast_ari_response_ok(response, ast_channel_snapshot_to_json(snapshot)); + ast_ari_response_ok(response, ast_channel_snapshot_to_json(snapshot, NULL)); ast_channel_unref(chan); } -- cgit v1.2.3