Scriptrunner Cloud - check restricted page

For security reasons we want to check if a password is added to unrestricted pages.

We are using the following script:

def forbiddenWords = ['user/', 'password:', 'passwort:', 'pw:', 'pwd:']
def pageId = page.id

// Fetch the page body (storage format) together with its space
def response = get("/wiki/rest/api/content/${pageId}")
    .queryString("expand", "body.storage,space")
    .asObject(Map).body

String pageBody = response.body.storage.value.toLowerCase()

forbiddenWords.each {
    if (pageBody.contains(it)) {
        String commentMessage = "👮️ Security Alert: word found: ${it} ❗️Do not store Password on a public page❗️"
        logger.info(commentMessage)

        // Post the alert as a comment on the page
        def commentResponse = post("/wiki/rest/api/content")
            .header("Content-Type", "application/json")
            .body([
                body     : [
                    storage: [
                        representation: 'storage',
                        value         : commentMessage
                    ]
                ],
                container: [
                    id  : pageId,
                    type: 'page'
                ],
                space    : [
                    key: response.space.key
                ],
                title    : 'Do not store Password on a public page',
                type     : 'comment'
            ])
            .asObject(Map)

        logger.info("Comment response: {}", commentResponse)
    }
}


The script is working well, but I need to add a check if a Confluence page is restricted or not.

Any hints are highly appreciated.

2 answers

2 accepted

Thanks to @Kristian Walker _Adaptavist_ for the hint.

I am sharing the solution here for others who might have a similar requirement.

I have updated the script:

1. It checks if a page is not restricted and the security_checked label does not exist

2. If a password is found on a page then it adds a comment and the label security_checked

def forbiddenWords = ['user/', 'password', 'passwort', 'pw', 'pwd', 'passwd']
def pageId = page.id

// Page body (storage format) and space
def response = get("/wiki/rest/api/content/${pageId}")
    .queryString("expand", "body.storage,space")
    .asObject(Map).body

// Labels currently set on the page
def label = get("/wiki/rest/api/content/${pageId}/label")
    .header('Content-Type', 'application/json')
    .asObject(Map)

// Restrictions currently set on the page
def acl = get("/wiki/rest/api/content/${pageId}/restriction")
    .header('Content-Type', 'application/json')
    .asObject(Map)

String pageBody = response.body.storage.value.toLowerCase()
String acl_content = acl.body.restrictionsHash
String security_label = label.body.results.name

logger.info("ACL: " + acl_content)
logger.info("Security labels: " + security_label)

forbiddenWords.each {
    // Alert only if the word is present, the page has no restrictions,
    // and the page has not already been labelled security_checked
    if (pageBody.contains(it) && (!acl_content?.trim()) && !security_label.contains("security_checked")) {
        String commentMessage = "👮️ Security Alert: ❗️ ${it}❗️ found️. Please restrict the view access for this page if you store a password on this page."
        logger.info(commentMessage)

        def commentResponse = post("/wiki/rest/api/content")
            .header("Content-Type", "application/json")
            .body([
                body     : [
                    storage: [
                        representation: 'storage',
                        value         : commentMessage
                    ]
                ],
                container: [
                    id  : pageId,
                    type: 'page'
                ],
                space    : [
                    key: response.space.key
                ],
                title    : 'Do not store Password on a public page',
                type     : 'comment'
            ])
            .asObject(Map)

        logger.info("Comment response: {}", commentResponse)

        // Mark the page so it is not flagged again
        def clabel = post("/wiki/rest/api/content/${pageId}/label")
            .header('Content-Type', 'application/json')
            .body([
                "prefix": "global",
                "name"  : "security_checked"
            ])
            .asString().body
    }
}

If there is a better way to do this then I would appreciate your feedback.

Peter

Sharing is caring :-)
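A possible tightening of the check in the updated script above, as an added example that is not part of the original posts: it keeps the same three conditions (term found, empty `restrictionsHash`, no `security_checked` label) but matches terms as whole tokens and returns every hit at once, so one comment can be posted per page instead of one per matching term. The helper names `tokenPattern` and `findings` and the sample maps are assumptions constructed for illustration.

```groovy
import java.util.regex.Pattern

// Same terms as the updated script above.
def forbiddenWords = ['user/', 'password', 'passwort', 'pw', 'pwd', 'passwd']

// Hypothetical helper: match each term only as a whole token, so 'pw' does not
// fire inside "stopwatch". A term ending in punctuation gets no trailing check.
Pattern tokenPattern(List<String> terms) {
    def parts = terms.collect { String t ->
        def tail = Character.isLetterOrDigit(t.charAt(t.length() - 1)) ? '(?![a-z0-9])' : ''
        '(?<![a-z0-9])' + Pattern.quote(t) + tail
    }
    Pattern.compile(parts.join('|'))
}

// Hypothetical helper: distinct terms to report in ONE comment, or an empty
// list when the page is restricted, already labelled, or clean.
// Assumes, as the script above does, that an empty restrictionsHash means
// the page has no restrictions.
List<String> findings(Map page, Map restrictions, Map labels, List<String> terms) {
    boolean restricted = (restrictions.restrictionsHash ?: '').toString().trim().length() > 0
    boolean alreadyChecked = 'security_checked' in (labels.results*.name ?: [])
    if (restricted || alreadyChecked) return []
    // Drop storage-format tags so markup attributes are not scanned as text.
    String text = page.body.storage.value.toString().toLowerCase().replaceAll(/<[^>]+>/, ' ')
    def matcher = tokenPattern(terms).matcher(text)
    def hits = [] as LinkedHashSet
    while (matcher.find()) hits << matcher.group()
    hits.toList()
}

// Constructed sample data, shaped like the fields the script above reads.
def openAcl   = [restrictionsHash: '']
def lockedAcl = [restrictionsHash: 'constructed-hash']
def noLabels  = [results: []]
def checked   = [results: [[name: 'security_checked']]]
def page = [body: [storage: [value: '<p>Stopwatch app. PWD: example, password = example</p>']]]

assert findings(page, openAcl, noLabels, forbiddenWords) == ['pwd', 'password']
assert findings(page, lockedAcl, noLabels, forbiddenWords) == []
assert findings(page, openAcl, checked, forbiddenWords) == []
```

In ScriptRunner, `response`, `acl.body` and `label.body` from the script above would be passed in, with the comment and label posted only when the returned list is non-empty.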

Hi Peter,

Thank you for sharing the solution and I am glad my suggestion helped. 

Kristian

1 vote
Answer accepted

Hi Peter,

I can confirm that the Confluence Cloud REST API contains the Get Restrictions API, and you will be able to make a REST call to this API in your script to see what restrictions a specific page has set.

I hope this information helps.

Regards,

Kristian

Deployment type: Cloud
Product plan: Standard
Permissions level: Site Admin