Support for insecure AuC via config.yaml

nickvsnetworking · Nov 7, 2023 · 2db2eb1 · 2db2eb1
1 parent e2bb2d0
commit 2db2eb1
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,9 +21,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Support for CLR-based PCSCF restoration via /pcrf/pcscf_restoration and /pcrf/pcscf_restoration_subscriber in API.
+- Support for CLR-based PCSCF restoration via `/pcrf/pcscf_restoration` and `/pcrf/pcscf_restoration_subscriber` in API.
 - Optional immediateReattach parameter in Request_16777251_317, via CLR-Flags
 - Sh-IMS-Data and IMSPrivateUserIdentity to default_sh_user_data.xml
+- Optional config parameter `api.enable_insecure_auc` to allow retrieval of AuC keys through API
 
 ## [1.0.0] - 2023-09-27
 

diff --git a/config.yaml b/config.yaml
@@ -67,6 +67,8 @@ hss:
 
 api:
   page_size: 200
+  # Whether or not to return key-based data when querying the AUC. Disable in production systems.
+  enable_insecure_auc: False
 
 benchmarking:
   # Whether to enable benchmark logging

diff --git a/lib/database.py b/lib/database.py
@@ -991,7 +991,6 @@ def GetAll(self, obj_type):
             record = record.__dict__
             record.pop('_sa_instance_state')
             record = self.Sanitize_Datetime(record)
-            record = self.Sanitize_Keys(record)
             final_result_list.append(record)
 
         self.safe_close(session)
@@ -1023,7 +1022,6 @@ def getAllPaginated(self, obj_type, page=0, page_size=0, existingSession=None):
                 record = record.__dict__
                 record.pop('_sa_instance_state')
                 record = self.Sanitize_Datetime(record)
-                record = self.Sanitize_Keys(record)
                 final_result_list.append(record)
 
             self.safe_close(session)
@@ -1056,7 +1054,6 @@ def GetAllByTable(self, obj_type, table):
             record = record.__dict__
             record.pop('_sa_instance_state')
             record = self.Sanitize_Datetime(record)
-            record = self.Sanitize_Keys(record)
             final_result_list.append(record)
 
         self.safe_close(session)

diff --git a/services/apiService.py b/services/apiService.py
@@ -35,6 +35,8 @@
 redisUseUnixSocket = config.get('redis', {}).get('useUnixSocket', False)
 redisUnixSocketPath = config.get('redis', {}).get('unixSocketPath', '/var/run/redis/redis-server.sock')
 
+insecureAuc = config.get('api', {}).get('enable_insecure_auc', False)
+
 redisMessaging = RedisMessaging(host=redisHost, port=redisPort, useUnixSocket=redisUseUnixSocket, unixSocketPath=redisUnixSocketPath)
 
 logTool = LogTool(config)
@@ -351,7 +353,9 @@ def get(self, auc_id):
         '''Get all AuC data for specified AuC ID'''
         try:
             auc_data = databaseClient.GetObj(AUC, auc_id)
-            auc_data = databaseClient.Sanitize_Keys(auc_data)
+
+            if not insecureAuc:
+                auc_data = databaseClient.Sanitize_Keys(auc_data)
             return auc_data, 200
         except Exception as E:
             print(E)
@@ -378,7 +382,8 @@ def patch(self, auc_id):
             args = parser.parse_args()
             operation_id = args.get('operation_id', None)
             auc_data = databaseClient.UpdateObj(AUC, json_data, auc_id, False, operation_id)
-            auc_data = databaseClient.Sanitize_Keys(auc_data)
+            if not insecureAuc:
+                auc_data = databaseClient.Sanitize_Keys(auc_data)
             print("Updated object")
             print(auc_data)
 
@@ -393,7 +398,8 @@ def get(self, iccid):
         '''Get all AuC data for specified ICCID'''
         try:
             auc_data = databaseClient.Get_AuC(iccid=iccid)
-            auc_data = databaseClient.Sanitize_Keys(auc_data)
+            if not insecureAuc:
+                auc_data = databaseClient.Sanitize_Keys(auc_data)
             return auc_data, 200
         except Exception as E:
             print(E)
@@ -405,7 +411,8 @@ def get(self, imsi):
         '''Get all AuC data for specified IMSI'''
         try:
             auc_data = databaseClient.Get_AuC(imsi=imsi)
-            auc_data = databaseClient.Sanitize_Keys(auc_data)
+            if not insecureAuc:
+                auc_data = databaseClient.Sanitize_Keys(auc_data)
             return auc_data, 200
         except Exception as E:
             print(E)
@@ -423,7 +430,6 @@ def put(self):
             args = parser.parse_args()
             operation_id = args.get('operation_id', None)
             data = databaseClient.CreateObj(AUC, json_data, False, operation_id)
-
             return data, 200
         except Exception as E:
             print(E)
@@ -437,6 +443,12 @@ def get(self):
         try:
             args = paginatorParser.parse_args()
             data = databaseClient.getAllPaginated(AUC, args['page'], args['page_size'])
+            if not insecureAuc:
+                sanitizedData = []
+                for aucRecord in data:
+                    databaseClient.Sanitize_Keys(aucRecord)
+                    sanitizedData.append(aucRecord)
+                return sanitizedData
             return (data), 200
         except Exception as E:
             print(E)