Merge pull request #1331 from yogeshojha/1213-feat-mask-api-keys-in-s…

…ettings-view Mask API keys Fixes #1213
yogeshojha · Jul 31, 2024 · b372f8a · b372f8a
2 parents db0348c + 2e04e2e
commit b372f8a
Show file tree

Hide file tree

Showing 5 changed files with 108 additions and 53 deletions.
diff --git a/web/scanEngine/admin.py b/web/scanEngine/admin.py
@@ -9,3 +9,4 @@
 admin.site.register(Notification)
 admin.site.register(VulnerabilityReportSetting)
 admin.site.register(InstalledExternalTool)
+admin.site.register(Hackerone)
diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
@@ -176,12 +176,14 @@ class Meta:
 
     slack_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "slack_hook_url",
                 "placeholder": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_lark = forms.BooleanField(
         required=False,
@@ -193,12 +195,14 @@ class Meta:
 
     lark_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "lark_hook_url",
                 "placeholder": "https://open.larksuite.com/open-apis/bot/v2/hook/XXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_discord = forms.BooleanField(
         required=False,
@@ -210,12 +214,14 @@ class Meta:
 
     discord_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "discord_hook_url",
                 "placeholder": "https://discord.com/api/webhooks/000000000000000000/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_telegram = forms.BooleanField(
         required=False,
@@ -227,21 +233,25 @@ class Meta:
 
     telegram_bot_token = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "telegram_bot_token",
                 "placeholder": "Bot Token",
-            }))
+            },
+            render_value=True
+        ))
 
     telegram_bot_chat_id = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "telegram_bot_chat_id",
                 "placeholder": "Bot Chat ID",
-            }))
+            },
+            render_value=True
+        ))
 
     send_scan_status_notif = forms.BooleanField(
         required=False,
@@ -399,12 +409,14 @@ class Meta:
 
     api_key = forms.CharField(
         required=True,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control form-control-lg",
                 "id": "api_key",
                 "placeholder": "Hackerone API Token",
-            }))
+            },
+            render_value=True
+        ))
 
     send_critical = forms.BooleanField(
         required=False,

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -29,21 +29,31 @@
               <div class="mb-3">
                 <label for="key_openai" class="form-label">OpenAI</label>
                 <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using GPT.</p>
+                <div class="flex-grow-1 position-relative">
                 {% if openai_key %}
-                  <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
+                  <input class="form-control" type="password" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key">
                 {% endif %}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
+                </div>
                 <span class="text-muted float-end">This is optional but recommended.</span>
               </div>
               <div class="mb-3">
                 <label for="key_netlas" class="form-label">Netlas</label>
                 <p class="text-muted">Netlas keys will be used to get whois information and other OSINT related data.</p>
+                <div class="flex-grow-1 position-relative">
                 {% if netlas_key %}
-                  <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
+                  <input class="form-control" type="password" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key">
                 {% endif %}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
+                </div>
                 <span class="text-muted float-end">This is optional</span>
               </div>
               <div class="mb-0">

diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -43,11 +43,16 @@ <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
           <div class="row">
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_username"  class="form-label">Your Hackerone Username (Not email)</label>
-              {{form.username}}
+              {{ form.username }}
             </div>
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
-              {{form.api_key}}
+              <div class="flex-grow-1 position-relative">
+              {{ form.api_key }}
+              <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                <span class="password-eye"></span>
+              </div>
+              </div>
             </div>
           </div>
           <a class="btn btn-primary float-end mt-3" href="javascript:test_hackerone()" role="button">