Prevent nested encrypted field leak in activity stream.

2026-03-16 08:27:29 -02:30 · 2017-05-19 16:47:06 -04:00
parent 7c2e5df659
commit 7f1f68ee28
6 changed files with 119 additions and 30 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1944,9 +1944,8 @@ class CredentialSerializer(BaseSerializer):
                if field in value and force_text(value[field]).startswith('$encrypted$'):
                    value[field] = '$encrypted$'

-        for k, v in value.get('inputs', {}).items():
-            if force_text(v).startswith('$encrypted$'):
-                value['inputs'][k] = '$encrypted$'
+        if 'inputs' in value:
+            value['inputs'] = data.display_inputs()
        return value

    def get_related(self, obj):
@@ -3203,11 +3202,8 @@ class NotificationTemplateSerializer(BaseSerializer):

    def to_representation(self, obj):
        ret = super(NotificationTemplateSerializer, self).to_representation(obj)
-        for field in obj.notification_class.init_parameters:
-            config = obj.notification_configuration
-            if field in config and force_text(config[field]).startswith('$encrypted$'):
-                config[field] = '$encrypted$'
-        ret['notification_configuration'] = config
+        if 'notification_configuration' in ret:
+            ret['notification_configuration'] = obj.display_notification_configuration()
        return ret

    def get_related(self, obj):