Scriptrunner Cloud - check restricted page

Peter Reiser
Rising Star
March 23, 2021

For security reasons, we want to check whether a password has been added to unrestricted pages.

We are using the following script:

// Keywords that suggest a credential is stored on the page
def forbiddenWords = ['user/', 'password:', 'passwort:', 'pw:', 'pwd:']
def pageId = page.id

// Fetch the page body (storage format) together with its space
def response = get("/wiki/rest/api/content/${pageId}")
    .queryString("expand", "body.storage,space")
    .asObject(Map).body

String pageBody = response.body.storage.value.toLowerCase()

forbiddenWords.each {
    if (pageBody.contains(it)) {
        String commentMessage = "👮️ Security Alert: word found: ${it} ❗️Do not store Password on a public page❗️"
        logger.info(commentMessage)

        // Post the alert as a comment on the page
        def commentResponse = post("/wiki/rest/api/content")
            .header("Content-Type", "application/json")
            .body([
                body     : [
                    storage: [
                        representation: 'storage',
                        value         : commentMessage
                    ]
                ],
                container: [
                    id  : pageId,
                    type: 'page'
                ],
                space    : [
                    key: response.space.key
                ],
                title    : 'Do not store Password on a public page',
                type     : 'comment'
            ])
            .asObject(Map)

        logger.info("Comment response: {}", commentResponse)
    }
}


The script is working well, but I need to add a check for whether a Confluence page is restricted or not.

Any hints are highly appreciated.

2 answers

2 accepted

1 vote
Answer accepted
Peter Reiser
Rising Star
March 23, 2021

Thanks to @Kristian Walker _Adaptavist_ for the hint.

I am sharing the solution here for others who might have a similar requirement.

I have updated the script:

1. It checks if a page is not restricted and the security_checked label does not exist

2. If a password is found on a page then it adds a comment and the label security_checked

// Keywords that suggest a credential is stored on the page
def forbiddenWords = ['user/', 'password', 'passwort', 'pw', 'pwd', 'passwd']
def pageId = page.id

// Page body (storage format) and space
def response = get("/wiki/rest/api/content/${pageId}")
    .queryString("expand", "body.storage,space")
    .asObject(Map).body

// Labels currently set on the page
def label = get("/wiki/rest/api/content/${pageId}/label")
    .header('Content-Type', 'application/json')
    .asObject(Map)

// Restrictions currently set on the page
def acl = get("/wiki/rest/api/content/${pageId}/restriction")
    .header('Content-Type', 'application/json')
    .asObject(Map)

String pageBody = response.body.storage.value.toLowerCase()
// restrictionsHash is blank when the page has no restrictions
String acl_content = acl.body.restrictionsHash
// results.name is the list of label names, coerced here to one string such as "[a, b]"
String security_label = label.body.results.name

logger.info("ACL: " + acl_content)
logger.info("Security labels: " + security_label)

forbiddenWords.each {
    // Alert only if the word is present, the page is unrestricted and it has not been flagged before
    if (pageBody.contains(it) && (!acl_content?.trim()) && !security_label.contains("security_checked")) {
        String commentMessage = "👮️ Security Alert: ❗️ ${it}❗️ found. Please restrict the view access for this page if you store a password on this page."
        logger.info(commentMessage)

        // Post the alert as a comment on the page
        def commentResponse = post("/wiki/rest/api/content")
            .header("Content-Type", "application/json")
            .body([
                body     : [
                    storage: [
                        representation: 'storage',
                        value         : commentMessage
                    ]
                ],
                container: [
                    id  : pageId,
                    type: 'page'
                ],
                space    : [
                    key: response.space.key
                ],
                title    : 'Do not store Password on a public page',
                type     : 'comment'
            ])
            .asObject(Map)

        logger.info("Comment response: {}", commentResponse)

        // Mark the page as checked
        def clabel = post("/wiki/rest/api/content/${pageId}/label")
            .header('Content-Type', 'application/json')
            .body([
                "prefix": "global",
                "name"  : "security_checked"
            ])
            .asString().body
    }
}

If there is a better way to do this, then I would appreciate your feedback.


Peter

Sharing is caring :-)

Kristian Walker _Adaptavist_
Community Leader
March 24, 2021

Hi Peter,

Thank you for sharing the solution and I am glad my suggestion helped. 

Kristian
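
A stricter take on the decision logic in the accepted answer above, as an added example that is not part of the original post or ScriptRunner's own code: keywords only count when followed by `:` or `=`, labels are compared exactly, and a page yields one alert rather than one per keyword. The function names, the `[:=]` rule and the sample maps are assumptions of this example; `restrictionsHash`, `results`/`name` and the `security_checked` label are taken from the post.

```groovy
import groovy.transform.Field
import java.util.regex.Pattern

@Field final String MARKER_LABEL = 'security_checked'
// Keywords from the post; the "followed by : or =" rule is this example's assumption.
@Field final Pattern CREDENTIAL_HINT = Pattern.compile(
    '(?i)\\b(?:user/|(?:password|passwort|passwd|pwd|pw)\\s*[:=])')

/** Distinct hints found in the storage-format body, lower-cased, in order of appearance. */
List<String> findHints(String storageBody) {
    def found = [] as LinkedHashSet
    def matcher = CREDENTIAL_HINT.matcher(storageBody ?: '')
    while (matcher.find()) {
        found << matcher.group().toLowerCase().replaceAll(/\s+/, '')
    }
    found.toList()
}

/** True only for a page with hints, a blank restrictionsHash and no marker label. */
boolean needsAlert(Map restrictionBody, Map labelBody, List<String> hints) {
    boolean unrestricted = !(restrictionBody?.restrictionsHash as String)?.trim()
    List names = labelBody?.results*.name ?: []   // exact label names, not a joined string
    hints && unrestricted && !names.contains(MARKER_LABEL)
}

// Constructed sample data, shaped like the response bodies used in the post.
def pageBody        = '<p>User: build Password: example</p><p>pwd = x, see pwd docs</p>'
def unrestrictedAcl = [restrictionsHash: '']
def restrictedAcl   = [restrictionsHash: 'constructed-hash']
def otherLabels     = [results: [[prefix: 'global', name: 'not_security_checked']]]
def flaggedLabels   = [results: [[prefix: 'global', name: 'security_checked']]]

def hints = findHints(pageBody)
assert hints == ['password:', 'pwd=']
assert needsAlert(unrestrictedAcl, otherLabels, hints)     // similar label name does not suppress
assert !needsAlert(restrictedAcl, otherLabels, hints)      // restricted page: no comment
assert !needsAlert(unrestrictedAcl, flaggedLabels, hints)  // already flagged: no second comment
assert findHints('<p>The pwm driver shows an upward trend</p>').isEmpty()  // "pw" inside words
println "Would post one comment for: ${hints.join(', ')}"
```

In ScriptRunner, the inputs would be `response.body.storage.value`, `acl.body` and `label.body` from the script above, with a single comment and label posted when `needsAlert` returns true.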

1 vote
Answer accepted
Kristian Walker _Adaptavist_
Community Leader
March 23, 2021

Hi Peter,

I can confirm that the Confluence Cloud REST API contains the Get Restrictions API, and you will be able to make a REST call to this API in your script to see, for a specific page, what restrictions it has set.

I hope this information helps.

Regards,

Kristian
