Prevent server details from being persisted to the disk

OctopusSolutionsEngineering · Oct 8, 2024 · 0e63c9c · 0e63c9c
1 parent aeccbd7
commit 0e63c9c
Showing 1 changed file with 21 additions and 1 deletion.
diff --git a/cmd/azure/octolint.go b/cmd/azure/octolint.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/json"
 	"github.com/OctopusSolutionsEngineering/OctopusRecommendationEngine/internal/args"
 	"github.com/OctopusSolutionsEngineering/OctopusRecommendationEngine/internal/checks"
 	"github.com/OctopusSolutionsEngineering/OctopusRecommendationEngine/internal/entry"
@@ -50,7 +51,14 @@ func octoterraHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = os.WriteFile(file.Name(), []byte(respBytes), 0644)
+	configJson, err := sanitizeConfig(respBytes)
+
+	if err != nil {
+		handleError(err, w)
+		return
+	}
+
+	err = os.WriteFile(file.Name(), configJson, 0644)
 
 	if err != nil {
 		handleError(err, w)
@@ -108,6 +116,18 @@ func octoterraHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// sanitizeConfig removes sensitive information from the config so it is not
+// persisted to the disk.
+func sanitizeConfig(rawConfig []byte) ([]byte, error) {
+	config := map[string]string{}
+	if err := json.Unmarshal(rawConfig, &config); err != nil {
+		return nil, err
+	}
+	delete(config, "apiKey")
+	delete(config, "url")
+	return json.Marshal(config)
+}
+
 func handleError(err error, w http.ResponseWriter) {
 	zap.L().Error(err.Error())
 	w.WriteHeader(500)