fix: merge sensitive data when updating pages with sanitized fetcher config

(cherry picked from commit d86b31d)

Author: ankita-gupta21

gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/apim/core/documentation/domain_service/PageSourceDomainService.java

@@ -26,4 +26,6 @@ public interface PageSourceDomainService {
     void setContentFromSource(Page page);
 
     void removeSensitiveData(Page page);
+
+    void mergeSensitiveData(Page oldPage, Page newPage);
 }

gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/apim/core/documentation/use_case/ApiUpdateDocumentationPageUseCase.java

@@ -22,6 +22,7 @@
 import io.gravitee.apim.core.documentation.domain_service.ApiDocumentationDomainService;
 import io.gravitee.apim.core.documentation.domain_service.DocumentationValidationDomainService;
 import io.gravitee.apim.core.documentation.domain_service.HomepageDomainService;
+import io.gravitee.apim.core.documentation.domain_service.PageSourceDomainService;
 import io.gravitee.apim.core.documentation.domain_service.UpdateApiDocumentationDomainService;
 import io.gravitee.apim.core.documentation.model.AccessControl;
 import io.gravitee.apim.core.documentation.model.Page;
@@ -45,6 +46,7 @@ public class ApiUpdateDocumentationPageUseCase {
     private final PageCrudService pageCrudService;
     private final PageQueryService pageQueryService;
     private final DocumentationValidationDomainService documentationValidationDomainService;
+    private final PageSourceDomainService pageSourceDomainService;
 
     public Output execute(Input input) {
         var api = this.apiCrudService.get(input.apiId);
@@ -77,6 +79,10 @@ public Output execute(Input input) {
 
         var pageToUpdate = newPage.build();
 
+        if (pageToUpdate.getSource() != null && oldPage.getSource() != null) {
+            this.pageSourceDomainService.mergeSensitiveData(oldPage, pageToUpdate);
+        }
+
         if (!Objects.equals(oldPage.getContent(), input.content) || !Objects.equals(oldPage.getSource(), input.source)) {
             pageToUpdate = this.documentationValidationDomainService.validateAndSanitizeForUpdate(
                 pageToUpdate,

gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/apim/infra/domain_service/documentation/PageSourceDomainServiceImpl.java

@@ -80,6 +80,49 @@ public void removeSensitiveData(Page page) {
         });
     }
 
+    @Override
+    public void mergeSensitiveData(Page oldPage, Page newPage) {
+        if (oldPage.getSource() == null || newPage.getSource() == null) {
+            return;
+        }
+        if (oldPage.getSource().getConfiguration() == null || newPage.getSource().getConfiguration() == null) {
+            return;
+        }
+
+        var oldFetcherOpt = loadFetcher(oldPage);
+        var newFetcherOpt = loadFetcher(newPage);
+
+        if (oldFetcherOpt.isPresent() && newFetcherOpt.isPresent()) {
+            var oldFetcher = oldFetcherOpt.get();
+            var newFetcher = newFetcherOpt.get();
+
+            FetcherConfiguration originalFetcherConfiguration = oldFetcher.getConfiguration();
+            FetcherConfiguration updatedFetcherConfiguration = newFetcher.getConfiguration();
+            boolean updated = false;
+
+            Field[] fields = originalFetcherConfiguration.getClass().getDeclaredFields();
+            for (Field field : fields) {
+                if (field.isAnnotationPresent(Sensitive.class)) {
+                    boolean accessible = field.isAccessible();
+                    field.setAccessible(true);
+                    try {
+                        Object updatedValue = field.get(updatedFetcherConfiguration);
+                        if (SENSITIVE_DATA_REPLACEMENT.equals(updatedValue)) {
+                            updated = true;
+                            field.set(updatedFetcherConfiguration, field.get(originalFetcherConfiguration));
+                        }
+                    } catch (IllegalAccessException | IllegalArgumentException e) {
+                        log.error("Error while merging original fetcher sensitive data to new fetcher", e);
+                    }
+                    field.setAccessible(accessible);
+                }
+            }
+            if (updated) {
+                newPage.getSource().setConfiguration((new ObjectMapper().valueToTree(updatedFetcherConfiguration).toString()));
+            }
+        }
+    }
+
     private void fetchContent(Fetcher fetcher, Page page) {
         if (page.getType() != Page.Type.ROOT) {
             page.setContent(readContent(fetcher, page.getSource()));

gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/inmemory/PageSourceDomainServiceInMemory.java

@@ -50,4 +50,22 @@ public void removeSensitiveData(Page page) {
                 );
         }
     }
+
+    @Override
+    public void mergeSensitiveData(Page oldPage, Page newPage) {
+        if (oldPage.getSource() == null || newPage.getSource() == null) {
+            return;
+        }
+        if (oldPage.getSource().getConfiguration() == null || newPage.getSource().getConfiguration() == null) {
+            return;
+        }
+
+        String newConfig = newPage.getSource().getConfiguration();
+        String oldConfig = oldPage.getSource().getConfiguration();
+        String sanitizedValue = "\"" + PageSourceDomainServiceImpl.SENSITIVE_DATA_REPLACEMENT + "\"";
+
+        if (newConfig.contains(sanitizedValue) && oldConfig.contains("I'm a sensitive data")) {
+            newPage.getSource().setConfiguration(newConfig.replace(sanitizedValue, "\"I'm a sensitive data\""));
+        }
+    }
 }

gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/apim/core/documentation/use_case/ApiUpdateDocumentationPageUseCaseTest.java

@@ -206,7 +206,8 @@ void setUp() {
             apiCrudService,
             pageCrudService,
             pageQueryService,
-            documentationValidationDomainService
+            documentationValidationDomainService,
+            pageSourceDomainService
         );
         apiCrudService.initWith(List.of(ApiFixtures.aProxyApiV4().toBuilder().id(API_ID).build()));
         roleQueryService.initWith(
@@ -513,6 +514,50 @@ void should_update_page_source() {
             assertThat(res.page()).isNotNull().hasFieldOrPropertyWithValue("id", PAGE_ID).hasFieldOrPropertyWithValue("source", pageSource);
         }
 
+        @Test
+        void should_merge_sensitive_data_from_old_page_when_updating_with_masked_source() {
+            initApiServices(List.of(Api.builder().id(API_ID).build()));
+
+            var oldPageWithSensitiveData = OLD_MARKDOWN_PAGE.toBuilder()
+                .source(
+                    PageSource.builder()
+                        .type("http-fetcher")
+                        .configuration("{\"url\": \"https://example.com\", \"token\": \"I'm a sensitive data\"}")
+                        .build()
+                )
+                .build();
+
+            initPageServices(List.of(PARENT_FOLDER, oldPageWithSensitiveData));
+
+            var updatedPageSourceWithMaskedData = PageSource.builder()
+                .type("http-fetcher")
+                .configuration("{\"url\": \"https://example.com\", \"token\": \"********\"}")
+                .build();
+
+            var res = apiUpdateDocumentationPageUsecase.execute(
+                ApiUpdateDocumentationPageUseCase.Input.builder()
+                    .source(updatedPageSourceWithMaskedData)
+                    .apiId(API_ID)
+                    .pageId(OLD_MARKDOWN_PAGE.getId())
+                    .order(OLD_MARKDOWN_PAGE.getOrder())
+                    .visibility(OLD_MARKDOWN_PAGE.getVisibility())
+                    .content(OLD_MARKDOWN_PAGE.getContent())
+                    .name(OLD_MARKDOWN_PAGE.getName())
+                    .auditInfo(AUDIT_INFO)
+                    .build()
+            );
+
+            assertThat(res.page())
+                .isNotNull()
+                .hasFieldOrPropertyWithValue("id", PAGE_ID)
+                .extracting(Page::getSource)
+                .isNotNull()
+                .extracting(PageSource::getConfiguration)
+                .asString()
+                .contains("I'm a sensitive data")
+                .doesNotContain("********");
+        }
+
         @Test
         void should_throw_error_if_markdown_unsafe() {
             initApiServices(List.of(Api.builder().id(API_ID).build()));

gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/apim/infra/domain_service/documentation/PageSourceDomainServiceImplTest.java

@@ -100,16 +100,117 @@ void should_remove_sensitive_data() throws JsonProcessingException {
         assertThat(configuration.get("nonSensitiveData").textValue()).isEqualTo("I'm not a sensitive data");
     }
 
+    @Test
+    @SuppressWarnings("unchecked")
+    void should_merge_sensitive_data_from_old_page_to_new_page() throws JsonProcessingException {
+        // Arrange
+        String originalSensitiveData = "original-secret-token";
+        String maskedSensitiveData = PageSourceDomainServiceImpl.SENSITIVE_DATA_REPLACEMENT;
+        String nonSensitiveData = "I'm not a sensitive data";
+
+        PageSource oldPageSource = dummySource(nonSensitiveData, originalSensitiveData);
+        PageSource newPageSource = dummySource(nonSensitiveData, maskedSensitiveData);
+
+        Page oldPage = Page.builder().source(oldPageSource).build();
+        Page newPage = Page.builder().source(newPageSource).build();
+
+        when(applicationContext.getAutowireCapableBeanFactory()).thenReturn(
+            mock(org.springframework.beans.factory.config.AutowireCapableBeanFactory.class)
+        );
+        when(fetcherPlugin.fetcher()).thenReturn(DummyFetcher.class);
+        when(fetcherPlugin.configuration()).thenReturn(DummyFetcherConfiguration.class);
+        when(fetcherPlugin.clazz()).thenReturn("io.gravitee.apim.infra.domain_service.documentation.DummyFetcher");
+        when(pluginManager.get("dummy-fetcher")).thenReturn(fetcherPlugin);
+
+        // Mock fetcher configuration factory to return appropriate configurations
+        // First call for old page, second call for new page
+        when(fetcherConfigurationFactory.create(any(), any()))
+            .thenReturn(new DummyFetcherConfiguration(nonSensitiveData, originalSensitiveData))
+            .thenReturn(new DummyFetcherConfiguration(nonSensitiveData, maskedSensitiveData));
+
+        // Act
+        cut.mergeSensitiveData(oldPage, newPage);
+
+        // Assert
+        JsonNode configuration = new ObjectMapper().readTree(newPage.getSource().getConfiguration());
+        assertThat(configuration.get("sensitiveData").textValue()).isEqualTo(originalSensitiveData);
+        assertThat(configuration.get("nonSensitiveData").textValue()).isEqualTo(nonSensitiveData);
+    }
+
+    @Test
+    void should_not_merge_when_old_page_has_no_source() {
+        Page oldPage = Page.builder().build();
+        Page newPage = Page.builder().source(dummySource()).build();
+
+        cut.mergeSensitiveData(oldPage, newPage);
+
+        verifyNoInteractions(fetcherConfigurationFactory, pluginManager, applicationContext);
+    }
+
+    @Test
+    void should_not_merge_when_new_page_has_no_source() {
+        Page oldPage = Page.builder().source(dummySource()).build();
+        Page newPage = Page.builder().build();
+
+        cut.mergeSensitiveData(oldPage, newPage);
+
+        verifyNoInteractions(fetcherConfigurationFactory, pluginManager, applicationContext);
+    }
+
+    @Test
+    void should_not_merge_when_sensitive_data_is_not_masked() throws JsonProcessingException {
+        // Arrange
+        String originalSensitiveData = "original-secret-token";
+        String newSensitiveData = "new-secret-token";
+        String nonSensitiveData = "I'm not a sensitive data";
+
+        PageSource oldPageSource = dummySource(nonSensitiveData, originalSensitiveData);
+        PageSource newPageSource = dummySource(nonSensitiveData, newSensitiveData);
+
+        Page oldPage = Page.builder().source(oldPageSource).build();
+        Page newPage = Page.builder().source(newPageSource).build();
+
+        when(applicationContext.getAutowireCapableBeanFactory()).thenReturn(
+            mock(org.springframework.beans.factory.config.AutowireCapableBeanFactory.class)
+        );
+        when(fetcherPlugin.fetcher()).thenReturn(DummyFetcher.class);
+        when(fetcherPlugin.configuration()).thenReturn(DummyFetcherConfiguration.class);
+        when(fetcherPlugin.clazz()).thenReturn("io.gravitee.apim.infra.domain_service.documentation.DummyFetcher");
+        when(pluginManager.get("dummy-fetcher")).thenReturn(fetcherPlugin);
+
+        // Mock fetcher configuration factory to return appropriate configurations
+        // First call for old page, second call for new page
+        when(fetcherConfigurationFactory.create(any(), any()))
+            .thenReturn(new DummyFetcherConfiguration(nonSensitiveData, originalSensitiveData))
+            .thenReturn(new DummyFetcherConfiguration(nonSensitiveData, newSensitiveData));
+
+        // Act
+        cut.mergeSensitiveData(oldPage, newPage);
+
+        // Assert - new sensitive data should remain unchanged since it's not masked
+        JsonNode configuration = new ObjectMapper().readTree(newPage.getSource().getConfiguration());
+        assertThat(configuration.get("sensitiveData").textValue()).isEqualTo(newSensitiveData);
+        assertThat(configuration.get("nonSensitiveData").textValue()).isEqualTo(nonSensitiveData);
+    }
+
     private static PageSource dummySource() {
+        return dummySource("I'm not a sensitive data", "I'm a sensitive data, I should be masked");
+    }
+
+    private static PageSource dummySource(String nonSensitiveData, String sensitiveData) {
         return PageSource.builder()
             .type("dummy-fetcher")
             .configuration(
-                """
-                {
-                   "sensitiveData" : I'm a sensitive data, I should be masked,
-                   "nonSensitiveData" : "I'm not a sensitive data"
-                }
-                """
+                String.format(
+                    """
+                    {
+                       "nonSensitiveData" : "%s",
+                       "sensitiveData" : "%s"
+                    }
+                    """,
+                    nonSensitiveData,
+                    sensitiveData
+                )
             )
             .build();
     }