[asterisk-dev] [Code Review] 2987: ARI: Don't leak information about implementation details

Matt Jordan reviewboard at asterisk.org
Tue Nov 5 15:54:42 CST 2013 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2987/#review10124
-----------------------------------------------------------



branches/12/main/stasis_bridges.c
<https://reviewboard.asterisk.org/r/2987/#comment19395>

    I don't think this is the right place to do this.
    
    You should not alter the producers of the Stasis messages when filtering out internal implementation details. The fact that ARI doesn't want to see certain channel drivers does not mean that other modules won't want to see them - and you're arbitrarily preventing them from getting those details.
    
    The filtering of these needs to be done at the consumer.


- Matt Jordan


On Nov. 1, 2013, 7:14 p.m., opticron wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2987/
> -----------------------------------------------------------
> 
> (Updated Nov. 1, 2013, 7:14 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-22744
>     https://issues.asterisk.org/jira/browse/ASTERISK-22744
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> This change prevents channels used as implementation details from leaking out to ARI. It does this by preventing creation of JSON blobs of channel snapshots created from those channels and sanitizing JSON blobs of bridge snapshots as they are created.
> 
> This results in NULL inputs to ast_json_pack calls which generate unhelpful error messages, so that has been dealt with as well.
> 
> This also corrects a bug I noticed while investigating the issue where BridgeCreated events would not be created.
> 
> 
> Diffs
> -----
> 
>   branches/12/res/stasis/app.c 402347 
>   branches/12/main/stasis_channels.c 402347 
>   branches/12/main/stasis_bridges.c 402347 
>   branches/12/main/json.c 402347 
> 
> Diff: https://reviewboard.asterisk.org/r/2987/diff/
> 
> 
> Testing
> -------
> 
> Manual testing with bridges and channels.
> 
> 
> Thanks,
> 
> opticron
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20131105/638014cb/attachment.html>

More information about the asterisk-dev mailing list