[asterisk-dev] [Code Review] 2987: ARI: Don't leak information about implementation details

opticron reviewboard at asterisk.org
Wed Nov 6 13:46:47 CST 2013


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2987/
-----------------------------------------------------------

(Updated Nov. 6, 2013, 1:46 p.m.)


Review request for Asterisk Developers.


Changes
-------

Address Matt's concerns with sanitization callbacks.


Bugs: ASTERISK-22744
    https://issues.asterisk.org/jira/browse/ASTERISK-22744


Repository: Asterisk


Description (updated)
-------

This change prevents channels used as implementation details from leaking out to ARI. It does this by preventing creation of JSON blobs of channel snapshots created from those channels and sanitizing JSON blobs of bridge snapshots as they are created. This introduces a framework for excluding information from output targeted at Stasis applications on a consumer-by-consumer basis using channel sanitization callbacks, which could be extended to bridges or endpoints if necessary.

This results in NULL inputs to ast_json_pack calls, which generate unhelpful error messages, so that has been dealt with as well.

This also corrects a bug I noticed while investigating the issue where BridgeCreated events would not be created.


Diffs (updated)
-----

  branches/12/res/stasis/app.c 402347 
  branches/12/res/res_stasis.c 402347 
  branches/12/res/ari/resource_endpoints.c 402347 
  branches/12/res/ari/resource_channels.c 402347 
  branches/12/res/ari/resource_bridges.c 402347 
  branches/12/main/stasis_message.c 402347 
  branches/12/main/stasis_endpoints.c 402347 
  branches/12/main/stasis_channels.c 402347 
  branches/12/main/stasis_bridges.c 402347 
  branches/12/main/rtp_engine.c 402347 
  branches/12/main/json.c 402347 
  branches/12/include/asterisk/stasis_endpoints.h 402347 
  branches/12/include/asterisk/stasis_channels.h 402347 
  branches/12/include/asterisk/stasis_bridges.h 402347 
  branches/12/include/asterisk/stasis_app.h 402347 
  branches/12/include/asterisk/stasis.h 402347 

Diff: https://reviewboard.asterisk.org/r/2987/diff/


Testing
-------

Manual testing with bridges and channels.


Thanks,

opticron
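
The per-consumer sanitization described in this review request, sketched as an added example that is not code from the patch or from Asterisk: a consumer supplies a callback that can withhold a channel, the channel serializer then produces no blob for it, and the bridge serializer drops it from the member list while building the blob. All type and function names are hypothetical, the sample channels are constructed, and ids and names are assumed to need no JSON escaping.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical types, not Asterisk's API; `internal` marks an implementation-detail channel. */
struct chan_snapshot { const char *id; const char *name; int internal; };
/* Per-consumer policy: the callback returns nonzero to withhold a channel. */
struct sanitizer { int (*channel)(const struct chan_snapshot *snap); };

static int hide_internal(const struct chan_snapshot *s) { return s->internal; }
static const struct sanitizer ari_sanitizer = { hide_internal };

static int withheld(const struct sanitizer *san, const struct chan_snapshot *s)
{
    return san && san->channel && san->channel(s);
}

/* Returns bytes written, or -1 when no blob is produced (NULL input or sanitized). */
int chan_to_json(const struct chan_snapshot *s, const struct sanitizer *san,
                 char *out, size_t len)
{
    if (!s || withheld(san, s)) return -1;
    int n = snprintf(out, len, "{\"id\":\"%s\",\"name\":\"%s\"}", s->id, s->name);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Builds the bridge blob, skipping withheld members; returns members emitted or -1. */
int bridge_to_json(const char *id, const struct chan_snapshot *c, size_t count,
                   const struct sanitizer *san, char *out, size_t len)
{
    int emitted = 0;
    int n = snprintf(out, len, "{\"id\":\"%s\",\"channels\":[", id);
    if (n < 0 || (size_t)n >= len) return -1;
    size_t used = (size_t)n;
    for (size_t i = 0; i < count; i++) {
        if (withheld(san, &c[i])) continue;   /* sanitized as the blob is created */
        n = snprintf(out + used, len - used, "%s\"%s\"", emitted ? "," : "", c[i].id);
        if (n < 0 || (size_t)n >= len - used) return -1;
        used += (size_t)n;
        emitted++;
    }
    n = snprintf(out + used, len - used, "]}");
    return (n < 0 || (size_t)n >= len - used) ? -1 : emitted;
}

int main(void)
{
    /* Constructed sample data: the middle channel is an implementation detail. */
    struct chan_snapshot c[] = { {"1001", "SIP/alice", 0}, {"1002", "Internal/announcer", 1}, {"1003", "SIP/bob", 0} };
    char buf[256];
    if (bridge_to_json("b1", c, 3, &ari_sanitizer, buf, sizeof buf) >= 0 && !strstr(buf, "1002")) puts(buf);
    return 0;
}
```

Callers of `chan_to_json` have to treat the -1 return as "nothing to publish" rather than passing an empty buffer on, which is the same kind of NULL-input handling the description mentions.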
