Hide tokens and authorization info in the generated report #31

Closed
6 tasks done
camilamaia opened this issue Aug 6, 2019 · 0 comments · Fixed by #185
Labels: Feature (New feature or request); Reporter (Related with the API doc generated by ScanAPI); Security (Affects security of the project)


camilamaia commented Aug 6, 2019

Description

Add the possibility to hide tokens and authorization info in the generated report, to avoid exposing sensitive information, via the configuration file (usually .scanapi.yaml).

Change the sensitive information value to <sensitive_information>

Configuration Options:

  • report
    • hide-response or hide-request
      • headers or body or url
        • list of keys to hide

Example:

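```yaml
report:
  hide-response:
    # header names whose values are hidden in the report
    headers:
      - Authorization
      - api-key
    # body keys whose values are hidden in the report
    body:
      - api-key
```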

The logic is implemented inside the hide_sensitive_info method

Example of how this should be rendered in the reports:

image

  • header for request
  • header for response
  • body for request
  • body for response
  • url for request
  • url for response
camilamaia changed the title from "Hide token and authorization info in the docs" to "Hide token and authorization info in the generated doc" (Aug 6, 2019)
camilamaia added the Reporter and Security labels (Aug 6, 2019)
camilamaia changed the title from "Hide token and authorization info in the generated doc" to "Hide tokens and authorization info in the generated doc" (Aug 6, 2019)
camilamaia added the Feature label (Aug 6, 2019)
camilamaia changed the title from "Hide tokens and authorization info in the generated doc" to "Hide tokens and authorization info in the generated report" (Nov 4, 2019)
gillianomenezes self-assigned this (Jun 5, 2020)
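A sketch of the masking the issue asks for, added here as an illustration; it is not ScanAPI's `hide_sensitive_info` code. The `mask_message` name, the dict shape of a request/response, treating a `url` key as a query-parameter name, and masking an unparseable body whole are all assumptions of this example.

```python
import json
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

PLACEHOLDER = "<sensitive_information>"  # replacement value named in the issue

def _mask_headers(headers, keys):
    # HTTP header names are case-insensitive, so compare lowercased.
    wanted = {k.lower() for k in keys}
    return {n: PLACEHOLDER if n.lower() in wanted else v for n, v in headers.items()}

def _mask_json(node, keys):
    # Walk nested JSON so a listed key is masked at any depth.
    if isinstance(node, dict):
        return {k: PLACEHOLDER if k in keys else _mask_json(v, keys)
                for k, v in node.items()}
    if isinstance(node, list):
        return [_mask_json(item, keys) for item in node]
    return node

def _mask_body(body, keys):
    if not body:
        return body
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        # Assumption: fail closed. A body we cannot parse is masked whole
        # rather than written to the report unchecked.
        return PLACEHOLDER
    return json.dumps(_mask_json(parsed, set(keys)))

def _mask_url(url, keys):
    # Assumption: a "key" in a url list is a query-parameter name.
    parts = urlsplit(url)
    query = [(k, PLACEHOLDER if k in keys else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe="<>")))

MASKERS = {"headers": _mask_headers, "body": _mask_body, "url": _mask_url}

def mask_message(message, settings):
    """Return a copy of a request/response dict with configured keys masked.

    `settings` mirrors one hide-request / hide-response block of the config,
    e.g. {"headers": ["Authorization"], "body": ["api-key"]}.
    """
    masked = dict(message)  # the caller's original is left unmodified
    for part, keys in (settings or {}).items():
        if part in MASKERS and masked.get(part) is not None:
            masked[part] = MASKERS[part](masked[part], keys)
    return masked
```

Masking has to run before the report template is rendered, so the raw values never reach the output file.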