MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [systemsetting] Better checking if setting is sensitive

pull/7927/head
Jakub Onderka 2021-11-06 01:08:20 +01:00
parent 3e6e906ca6
commit 8f5a357e08
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/Model/SystemSetting.php
View File

@ -133,11 +133,17 @@ class SystemSetting extends AppModel
/**
* Sensitive setting are passwords or api keys.
* @param $setting
* @param string $setting Setting name
* @return bool
*/
public static function isSensitive($setting)
{
return strpos($setting, 'password') !== false || strpos($setting, 'apikey') !== false;
if ($setting === 'Security.encryption_key' || $setting === 'Security.salt') {
return true;
}
if (substr($setting, 0, 7) === 'Plugin.' && (strpos($setting, 'apikey') !== false || strpos($setting, 'secret') !== false)) {
return true;
}
return strpos($setting, 'password') !== false;
}
}