fix(central-ui): never render DB connection strings on Integration Definitions list
Connection strings carry credentials; the Database Connections tab rendered the full string (text + title tooltip) for any Design/Admin user. Replace with a non-sensitive 'hidden — edit to view' hint so it never reaches the browser DOM. Connection strings remain editable on the create/edit form. Adds a bUnit regression guard asserting the seeded secret is absent from the rendered list.
This commit is contained in:
Joseph Doherty
@@ -245,7 +245,8 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<p class="small text-muted text-truncate mb-1" title="@dc.ConnectionString">@dc.ConnectionString</p>
|
@* Connection strings carry credentials — never rendered here (not even for admins). Shown only on the create/edit form. *@
|
||||||
|
<p class="small text-muted fst-italic mb-1">Connection string hidden — edit to view</p>
|
||||||
<div>
|
<div>
|
||||||
<span class="badge bg-light text-dark me-1">Max @dc.MaxRetries retries</span>
|
<span class="badge bg-light text-dark me-1">Max @dc.MaxRetries retries</span>
|
||||||
<span class="badge bg-light text-dark">Delay @dc.RetryDelay.TotalSeconds s</span>
|
<span class="badge bg-light text-dark">Delay @dc.RetryDelay.TotalSeconds s</span>
|
||||||
|
|||||||
+73
@@ -0,0 +1,73 @@
|
|||||||
|
using System.Security.Claims;
|
||||||
|
using Bunit;
|
||||||
|
using Microsoft.AspNetCore.Components.Authorization;
|
||||||
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using NSubstitute;
|
||||||
|
using ZB.MOM.WW.ScadaBridge.CentralUI.Components.Shared;
|
||||||
|
using ZB.MOM.WW.ScadaBridge.Commons.Entities.ExternalSystems;
|
||||||
|
using ZB.MOM.WW.ScadaBridge.Commons.Entities.InboundApi;
|
||||||
|
using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Repositories;
|
||||||
|
using ZB.MOM.WW.ScadaBridge.Security;
|
||||||
|
using ExternalSystems = ZB.MOM.WW.ScadaBridge.CentralUI.Components.Pages.Design.ExternalSystems;
|
||||||
|
|
||||||
|
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Design;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Security regression guard: the Integration Definitions list (Database Connections
|
||||||
|
/// tab) must NEVER render a connection string — it carries credentials. Connection
|
||||||
|
/// strings are shown only on the create/edit form. This test seeds a connection whose
|
||||||
|
/// string contains a sentinel password and asserts it is absent from the rendered
|
||||||
|
/// markup of the list (so it never reaches the browser DOM, even for an admin/designer).
|
||||||
|
/// </summary>
|
||||||
|
public class ExternalSystemsConnectionStringHidingTests : BunitContext
|
||||||
|
{
|
||||||
|
private readonly IExternalSystemRepository _repo = Substitute.For<IExternalSystemRepository>();
|
||||||
|
private readonly IInboundApiRepository _inbound = Substitute.For<IInboundApiRepository>();
|
||||||
|
private readonly IDialogService _dialog = Substitute.For<IDialogService>();
|
||||||
|
|
||||||
|
public ExternalSystemsConnectionStringHidingTests()
|
||||||
|
{
|
||||||
|
Services.AddSingleton(_repo);
|
||||||
|
Services.AddSingleton(_inbound);
|
||||||
|
Services.AddSingleton(_dialog);
|
||||||
|
|
||||||
|
var claims = new[]
|
||||||
|
{
|
||||||
|
new Claim(JwtTokenService.UsernameClaimType, "tester"),
|
||||||
|
new Claim(JwtTokenService.RoleClaimType, "Designer"),
|
||||||
|
};
|
||||||
|
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
|
||||||
|
Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
|
||||||
|
Services.AddAuthorizationCore();
|
||||||
|
AuthorizationPolicies.AddScadaBridgeAuthorization(Services);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public void DbConnectionsTab_DoesNotRenderConnectionString()
|
||||||
|
{
|
||||||
|
const string secret = "Server=db.internal;User Id=sa;Password=SuperSecret#123;";
|
||||||
|
|
||||||
|
_repo.GetAllExternalSystemsAsync(Arg.Any<CancellationToken>())
|
||||||
|
.Returns((IReadOnlyList<ExternalSystemDefinition>)new List<ExternalSystemDefinition>());
|
||||||
|
_repo.GetAllDatabaseConnectionsAsync(Arg.Any<CancellationToken>())
|
||||||
|
.Returns((IReadOnlyList<DatabaseConnectionDefinition>)new List<DatabaseConnectionDefinition>
|
||||||
|
{
|
||||||
|
new("AppDb", secret) { Id = 1 },
|
||||||
|
});
|
||||||
|
_inbound.GetAllApiMethodsAsync(Arg.Any<CancellationToken>())
|
||||||
|
.Returns((IReadOnlyList<ApiMethod>)new List<ApiMethod>());
|
||||||
|
|
||||||
|
var cut = Render<ExternalSystems>();
|
||||||
|
|
||||||
|
// Wait for the async load to complete (tabs render only once _loading == false),
|
||||||
|
// then activate the Database Connections tab so its cards render.
|
||||||
|
cut.WaitForAssertion(() =>
|
||||||
|
Assert.Contains(cut.FindAll("button.nav-link"), b => b.TextContent.Contains("Database Connections")));
|
||||||
|
cut.FindAll("button.nav-link").First(b => b.TextContent.Contains("Database Connections")).Click();
|
||||||
|
cut.WaitForAssertion(() => Assert.Contains("AppDb", cut.Markup));
|
||||||
|
|
||||||
|
// The card renders (name visible) but the credential-bearing connection string must not.
|
||||||
|
Assert.DoesNotContain(secret, cut.Markup);
|
||||||
|
Assert.DoesNotContain("SuperSecret#123", cut.Markup);
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user