Bug 715 - [AMP][WEBUI][API] Get list devices API exposes the device RESTAPI and CLI password in plaintext

Review Request #221 — Created April 15, 2024 and submitted April 16, 2024, 10:58 p.m.

Information
Owner:	pmurugaiyan
Repository:	AMP
Branch:	amp_3_6
Bugs:	715
Depends On:
Reviewers
Groups:
People:	apoorva.sn, prajesh, shuinvy

Description

Currenlt the REST APIs are exposing the console and RESTAPI passwords in plaintext as part the device details. To make our device data more secure made the passwords as None in the response. Now the current response strcuture is not modified, and also we are not exposing the sensitive data like the password. The user has to provide the password if they have to update the device configuration in future.

Testing Done

Changes are tested locally with lab AMP.

Files

Issues

Description	From	Last Updated
console_paaaword is getting deleted from dictionary.. so why it is still shown in the API output?	prajesh	April 15, 2024, 10:09 p.m.

branches/amp_3_6/src/webui/webui/htdocs/new/src/cm/models/device_mgmt/device/__init__.py (Diff revision 1)

Show all issues

console_paaaword is getting deleted from dictionary.. so why it is still shown in the API output?

pmurugaiyan April 15, 2024, 10:08 p.m.

each['console_account'] = {'console_username':each['console_username'], 'console_password':each['console_password']}

del each['console_username']

del each['console_password']
They are copying the values into "console_account", so they are removing the 'console_username', 'console_password' keys explicitly.

People:

+	shuinvy

Ship it!

```
Ship It!
```

Ship it!

```
Ship It!
```

You have a pending review.

Review Board 5.0.5

Bug 715 - [AMP][WEBUI][API] Get list devices API exposes the device RESTAPI and CLI password in plaintext

People:

Status: Closed (submitted)