json: when making a copy of a json variant, propagate the sensitive bit

Let's make sure we never lose the bit when copying a variant, after all
the data contained is still going to be sensitive after the copy.

diff --git a/src/shared/json.c b/src/shared/json.c
index 132dda14fc8bbca8d2bd178d3c7b233e241c459c..330ad456eea4d516925d81e8de833e5977f26545 100644 (file)
--- a/src/shared/json.c
+++ b/src/shared/json.c
@@ -1396,6 +1396,19 @@ void json_variant_sensitive(JsonVariant *v) {
         v->sensitive = true;
 }
 
+bool json_variant_is_sensitive(JsonVariant *v) {
+        v = json_variant_formalize(v);
+        if (!json_variant_is_regular(v))
+                return false;
+
+        return v->sensitive;
+}
+
+static void json_variant_propagate_sensitive(JsonVariant *from, JsonVariant *to) {
+        if (json_variant_is_sensitive(from))
+                json_variant_sensitive(to);
+}
+
 int json_variant_get_source(JsonVariant *v, const char **ret_source, unsigned *ret_line, unsigned *ret_column) {
         assert_return(v, -EINVAL);
 
@@ -1829,6 +1842,8 @@ int json_variant_filter(JsonVariant **v, char **to_remove) {
         if (r < 0)
                 return r;
 
+        json_variant_propagate_sensitive(*v, w);
+
         json_variant_unref(*v);
         *v = TAKE_PTR(w);
 
@@ -1898,6 +1913,8 @@ int json_variant_set_field(JsonVariant **v, const char *field, JsonVariant *valu
         if (r < 0)
                 return r;
 
+        json_variant_propagate_sensitive(*v, w);
+
         json_variant_unref(*v);
         *v = TAKE_PTR(w);
 
@@ -2005,6 +2022,9 @@ int json_variant_merge(JsonVariant **v, JsonVariant *m) {
         if (r < 0)
                 return r;
 
+        json_variant_propagate_sensitive(*v, w);
+        json_variant_propagate_sensitive(m, w);
+
         json_variant_unref(*v);
         *v = TAKE_PTR(w);
 
@@ -2044,10 +2064,11 @@ int json_variant_append_array(JsonVariant **v, JsonVariant *element) {
 
                 r = json_variant_new_array(&nv, array, i + 1);
         }
-
         if (r < 0)
                 return r;
 
+        json_variant_propagate_sensitive(*v, nv);
+
         json_variant_unref(*v);
         *v = TAKE_PTR(nv);
 
@@ -2193,6 +2214,8 @@ static int json_variant_copy(JsonVariant **nv, JsonVariant *v) {
 
         memcpy_safe(&c->value, source, k);
 
+        json_variant_propagate_sensitive(v, c);
+
         *nv = c;
         return 0;
 }
@@ -4178,6 +4201,9 @@ int json_variant_sort(JsonVariant **v) {
         r = json_variant_new_object(&n, a, m);
         if (r < 0)
                 return r;
+
+        json_variant_propagate_sensitive(*v, n);
+
         if (!n->sorted) /* Check if this worked. This will fail if there are multiple identical keys used. */
                 return -ENOTUNIQ;
 
@@ -4226,6 +4252,9 @@ int json_variant_normalize(JsonVariant **v) {
         }
         if (r < 0)
                 goto finish;
+
+        json_variant_propagate_sensitive(*v, n);
+
         if (!n->normalized) { /* Let's see if normalization worked. It will fail if there are multiple
                                * identical keys used in the same object anywhere, or if there are floating
                                * point numbers used (see below) */

diff --git a/src/shared/json.h b/src/shared/json.h
index a4e5b6f507bae7af81c858baa858e4dbe93ef5c8..ceb01a2028a461838bddfceb7f6424eb48d7edb9 100644 (file)
--- a/src/shared/json.h
+++ b/src/shared/json.h
@@ -135,6 +135,7 @@ JsonVariant *json_variant_by_key_full(JsonVariant *v, const char *key, JsonVaria
 bool json_variant_equal(JsonVariant *a, JsonVariant *b);
 
 void json_variant_sensitive(JsonVariant *v);
+bool json_variant_is_sensitive(JsonVariant *v);
 
 struct json_variant_foreach_state {
         JsonVariant *variant;