From 672eef54f4e3a0f7d2771f8b7cf36e65867b6220 Mon Sep 17 00:00:00 2001
From: Mihir Jham
Date: Tue, 14 Jan 2020 17:21:53 -0800
Subject: [PATCH] update(core): Sanitizied the output of Summary to remove key material
---
 core/core.go | 43 +++++++++++++++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 10 deletions(-)
diff --git a/core/core.go b/core/core.go
index 8882be8..ce24646 100644
--- a/core/core.go
+++ b/core/core.go
@@ -63,7 +63,7 @@ type DelegateRequest struct {
 }
 type CreateUserRequest struct {
- Name string
+ Name string
 Password string
 UserType string
 HipchatName string
@@ -113,7 +113,7 @@ type SSHSignWithRequest struct {
 type SSHSignatureWithDelegates struct {
 SignatureFormat string
 Signature []byte
- Secure bool
+ Secure bool
 Delegates []string
 }
@@ -135,13 +135,13 @@ type ExportRequest struct {
 }
 type OrderRequest struct {
- Name string
+ Name string
 Password string
 Duration string
- Uses int
- Users []string
+ Uses int
+ Users []string
 EncryptedData []byte
- Labels []string
+ Labels []string
 }
 type OrderInfoRequest struct {
@@ -178,10 +178,17 @@ type ResponseData struct {
 type SummaryData struct {
 Status string
 State string
- Live map[string]keycache.ActiveUser
+ Live map[string]ActiveUser
 All map[string]passvault.Summary
 }
+ type ActiveUser struct {
+ keycache.Usage
+ AltNames map[string]string
+ Admin bool
+ Type string
+}
+
 type DecryptWithDelegates struct {
 Data []byte
 Secure bool
@@ -209,7 +216,7 @@ func jsonStatusError(err error) ([]byte, error) {
 }
 func jsonSummary() ([]byte, error) {
 state := crypt.Status()
- return json.Marshal(SummaryData{Status: "ok", State: state.State, Live: crypt.LiveSummary(), All: records.GetSummary()})
+ return json.Marshal(SummaryData{Status: "ok", State: state.State, Live: liveSummary(), All: records.GetSummary()})
 }
 func jsonResponse(resp []byte) ([]byte, error) {
 return json.Marshal(ResponseData{Status: "ok", Response: resp})
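Review bot: The new exported `ActiveUser` type in the `-178,10 +178,17` hunk has no doc comment, and because it embeds `keycache.Usage`, every exported field of that struct, including any added later, is promoted into the summary JSON. Since the point of the type is to keep key material out of the response, state that contract on the type, for example `// ActiveUser is the key-free view of keycache.ActiveUser returned by Summary; every field here is disclosed to API clients.` `keycache.Usage` is defined outside this patch, so confirm it holds no secret fields. The type of `SummaryData.Live` also changes, which is visible to any package that decodes the summary into this struct.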
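Review bot: Nothing in this patch pins the property that `jsonSummary` now relies on: the diffstat touches only core/core.go, so no test asserts that the marshaled `Live` entries are free of key material. A test that marshals the summary and checks each `Live` entry carries only the usage fields plus `AltNames`, `Admin` and `Type` would catch a later struct change that reintroduces the leak. Existing tests that decode `Live` as `keycache.ActiveUser`, if there are any outside this view, would need updating as well.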
@@ -253,6 +260,24 @@ func validateName(name, password string) error {
 return nil
 }
+// liveSummary creates a sanitized version of cryptor.LiveSummary() without any key material
+func liveSummary() map[string]ActiveUser {
+ currLiveSummary := crypt.LiveSummary()
+ summaryData := make(map[string]ActiveUser)
+
+ for summaryInfo, activeUser := range currLiveSummary {
+ sanitizedActiveUser := ActiveUser{
+ Usage: activeUser.Usage,
+ AltNames: activeUser.AltNames,
+ Admin: activeUser.Admin,
+ Type: activeUser.Type,
+ }
+ summaryData[summaryInfo] = sanitizedActiveUser
+ }
+
+ return summaryData
+}
+
 // Init reads the records from disk from a given path
 func Init(path string, config *config.Config) error {
 var err error
@@ -723,7 +748,6 @@ func Decrypt(jsonIn []byte) ([]byte, error) {
 }
 }
-
 resp := &DecryptWithDelegates{
 Data: data,
 Secure: secure,
@@ -819,7 +843,6 @@ func SSHSignWith(jsonIn []byte) ([]byte, error) {
 return jsonResponse(out)
 }
-
 // Modify processes a modify request.
 func Modify(jsonIn []byte) ([]byte, error) {
 var s ModifyRequest
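Review bot: In `liveSummary`, `AltNames: activeUser.AltNames` copies only the map reference, so the sanitized entry still shares storage with the value returned by `crypt.LiveSummary()`. If that value is the live cache entry rather than a snapshot (not visible in this patch), `json.Marshal` in `jsonSummary` iterates the map outside any keycache lock; copying the entries into a fresh `map[string]string` avoids that. The doc comment names `cryptor.LiveSummary()` while the call is `crypt.LiveSummary()`, and it should say that fields are copied by allow-list so new `keycache.ActiveUser` fields stay out of the response by default. `make(map[string]ActiveUser, len(currLiveSummary))` would also pre-size the result.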