For security reasons we want to check whether a password is added to unrestricted pages.
We are using the following script:
// Keywords that suggest a credential is stored on the page
def forbiddenWords = ['user/','password:','passwort:','pw:','pwd:'];
def pageId = page.id

// Fetch the page body (storage format) and its space
def response = get("/wiki/rest/api/content/${pageId}")
    .queryString("expand", "body.storage,space")
    .asObject(Map).body

String pageBody = response.body.storage.value.toLowerCase()

forbiddenWords.each {
    if (pageBody.contains(it)) {
        String commentMessage = "👮️ Security Alert: word found: ${it} ❗️Do not store Password on a public page❗️"
        logger.info(commentMessage)

        // Add the alert as a comment on the page
        def commentResponse = post("/wiki/rest/api/content")
            .header("Content-Type", "application/json")
            .body(
                [
                    body     : [
                        storage: [
                            representation: 'storage',
                            value         : commentMessage
                        ]
                    ],
                    container: [
                        id  : pageId,
                        type: 'page'
                    ],
                    space    : [
                        key: response.space.key
                    ],
                    title    : 'Do not store Password on a public page',
                    type     : 'comment'
                ])
            .asObject(Map)
        logger.info("Comment response: {}", commentResponse)
    }
}
The script is working well, but I need to add a check for whether a Confluence page is restricted or not.
Any hints are highly appreciated.
Thanks to @Kristian Walker _Adaptavist_ for the hint.
I am sharing the solution here for others who might have a similar requirement.
I have updated the script:
1. It checks if a page is not restricted and the security_checked label does not exist
2. If a password is found on a page then it adds a comment and the label security_checked
// Keywords that suggest a credential is stored on the page
def forbiddenWords = ['user/','password', 'passwort','pw','pwd', 'passwd'];
def pageId = page.id

// Fetch the page body (storage format) and its space
def response = get("/wiki/rest/api/content/${pageId}")
    .queryString("expand", "body.storage,space")
    .asObject(Map).body

// Fetch the labels already set on the page
def label = get("/wiki/rest/api/content/${pageId}/label")
    .header('Content-Type', 'application/json')
    .asObject(Map)

// Fetch the restrictions set on the page
def acl = get("/wiki/rest/api/content/${pageId}/restriction")
    .header('Content-Type', 'application/json')
    .asObject(Map)

String pageBody = response.body.storage.value.toLowerCase()
// restrictionsHash is empty when the page has no restrictions
String acl_content = acl.body.restrictionsHash
// The list of label names, converted to a single string
String security_label = label.body.results.name

logger.info("ACL: " + acl_content)
logger.info("Security labels: " + security_label)

forbiddenWords.each {
    // Alert only if the keyword is present, the page is unrestricted,
    // and the page has not been labelled security_checked yet
    if (pageBody.contains(it) && (!acl_content?.trim()) && !security_label.contains("security_checked"))
    {
        String commentMessage = "👮️ Security Alert: ❗️ ${it}❗️ found️. Please restrict the view access for this page if you store a password on this page."
        logger.info(commentMessage)

        // Add the alert as a comment on the page
        def commentResponse = post("/wiki/rest/api/content")
            .header("Content-Type", "application/json")
            .body(
                [
                    body     : [
                        storage: [
                            representation: 'storage',
                            value         : commentMessage
                        ]
                    ],
                    container: [
                        id  : pageId,
                        type: 'page'
                    ],
                    space    : [
                        key: response.space.key
                    ],
                    title    : 'Do not store Password on a public page',
                    type     : 'comment'
                ])
            .asObject(Map)
        logger.info("Comment response: {}", commentResponse)

        // Mark the page as checked
        def clabel = post("/wiki/rest/api/content/${pageId}/label")
            .header('Content-Type', 'application/json')
            .body([
                "prefix": "global",
                "name"  : "security_checked"
            ])
            .asString().body
    }
}
If there is a better way to do this, then I would appreciate your feedback.
Peter
Sharing is caring :-)
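As an added example (not Peter's script and not Adaptavist's code), here is the decision logic from the solution above as plain Groovy functions that run outside ScriptRunner: keywords count only when followed by `:` or `=` and a value, the label is checked by list membership, and a page counts as restricted only when its read operation lists a user or group. The restriction response shape, the function names and all sample data are assumptions constructed for illustration.

```groovy
import groovy.transform.Field
import java.util.regex.Pattern

// Keywords from the post, matched only as a whole token followed by ':' or '='
// and a value, so "upward" or "password policy" is not reported.
@Field Pattern CREDENTIAL = ~/(?i)(?<![a-z0-9])(password|passwort|passwd|pwd|pw)\s*[:=]\s*\S+/

// Returns the keywords found; the value itself is never returned or logged.
List<String> findCredentialHints(String storageBody) {
    String text = storageBody.replaceAll(/<[^>]+>/, ' ').replace('&nbsp;', ' ')
    def matcher = CREDENTIAL.matcher(text)
    List<String> hits = []
    while (matcher.find()) { hits << matcher.group(1).toLowerCase() }
    hits.unique()
}

// Assumed response shape: results[] entries with 'operation' and
// restrictions.user.results / restrictions.group.results lists.
boolean isViewRestricted(Map restrictions) {
    def read = restrictions?.results?.find { it.operation == 'read' }?.restrictions
    ((read?.user?.results ?: []) + (read?.group?.results ?: [])).size() > 0
}

boolean shouldAlert(String storageBody, Map restrictions, List<String> labels) {
    !isViewRestricted(restrictions) &&
        !labels.contains('security_checked') &&
        !findCredentialHints(storageBody).isEmpty()
}

// Constructed sample data, not taken from a real site.
def leak  = '<p>Test box</p><p><strong>Password:</strong>&nbsp;example-value</p>'
def noise = '<p>Move the slider upward to change the password policy.</p>'
def entry = { String op, List users ->
    [operation: op, restrictions: [user: [results: users], group: [results: []]]]
}
def open     = [results: [entry('read', []), entry('update', [])]]
def editOnly = [results: [entry('read', []), entry('update', [[accountId: 'x']])]]
def viewOnly = [results: [entry('read', [[accountId: 'x']]), entry('update', [])]]

assert findCredentialHints(leak) == ['password']
assert findCredentialHints(noise).isEmpty()
assert shouldAlert(leak, open, [])
assert shouldAlert(leak, editOnly, [])      // edit-only restriction: still readable
assert !shouldAlert(leak, viewOnly, [])
assert !shouldAlert(leak, open, ['security_checked'])
```

Inside ScriptRunner the three arguments would come from the same three `get` calls as in the script above, with the labels passed as the list `label.body.results*.name`.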
Hi Peter,
Thank you for sharing the solution and I am glad my suggestion helped.
Kristian
Hi Peter,
I can confirm that the Confluence Cloud REST API contains the Get Restrictions API, and you will be able to make a REST call to this API in your script to see what restrictions a specific page has set.
I hope this information helps.
Regards,
Kristian