brbzull0 opened a new pull request, #13141: URL: https://github.com/apache/trafficserver/pull/13141
The JSONRPC record-lookup handler serialized RecRecord values unconditionally, leaking current and default values for config records registered with RECA_NO_ACCESS to any caller able to reach the JSONRPC socket.

Suppress the value fields in the YAML encoder for CONFIG records whose access_type is RECA_NO_ACCESS, while still emitting the type label and metadata so callers can see the record exists. Gate the check on REC_TYPE_IS_CONFIG since access_type lives in a union shared with stat_meta and must not be read for STAT records.

Add a Catch2 unit test covering the default-access, no-access, and STAT union-safety cases.
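
The gating described in the pull request above, as an added C++ example that is not code from the pull request or from Traffic Server. It uses a simplified record model (the Demo* types, field layout, enumerator values and output keys are assumptions) in which the encoder checks the record type before reading access_type, so a STAT record whose stat_meta happens to hold the same number as RECA_NO_ACCESS keeps its values.

```cpp
#include <iostream>
#include <string>

// Simplified model of the records named in the PR. The Demo* types, layouts,
// enumerator values and output keys are assumptions, not Traffic Server code.
enum DemoRecT { DEMO_CONFIG, DEMO_STAT };
enum DemoAccessT { RECA_NULL = 0, RECA_NO_ACCESS = 1, RECA_READ_ONLY = 2 };
struct DemoConfigMeta { DemoAccessT access_type; };
struct DemoStatMeta { int persist_type; };

struct DemoRecord {
  DemoRecT rec_type;
  std::string name, current_value, default_value;
  union { // one member is live at a time, selected by rec_type
    DemoConfigMeta config_meta;
    DemoStatMeta stat_meta;
  };
};

DemoRecord make_record(DemoRecT type, const std::string &name, const std::string &cur,
                       const std::string &def, int meta) {
  DemoRecord r;
  r.rec_type = type; r.name = name; r.current_value = cur; r.default_value = def;
  if (type == DEMO_CONFIG) r.config_meta.access_type = static_cast<DemoAccessT>(meta);
  else r.stat_meta.persist_type = meta;
  return r;
}

// Type check first: && short-circuits, so config_meta is never read for STAT.
bool values_hidden(const DemoRecord &r) {
  return r.rec_type == DEMO_CONFIG && r.config_meta.access_type == RECA_NO_ACCESS;
}

// Name and type are always emitted so the caller can see the record exists.
std::string encode(const DemoRecord &r) {
  std::string out = "record_name: " + r.name + "\n";
  out += std::string("record_type: ") + (r.rec_type == DEMO_CONFIG ? "CONFIG" : "STAT") + "\n";
  if (!values_hidden(r)) {
    out += "current_value: " + r.current_value + "\n";
    out += "default_value: " + r.default_value + "\n";
  }
  return out;
}

int main() {
  // Constructed sample records; names and values are made up for the demo.
  std::cout << encode(make_record(DEMO_CONFIG, "demo.config.secret", "s3cr3t", "changeme", RECA_NO_ACCESS));
  std::cout << encode(make_record(DEMO_STAT, "demo.stat.requests", "42", "0", 1));
  return 0;
}
```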
