From 5f7954713858d1d142bc5ce0b8afaf11eb9327dc Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 31 Jul 2018 11:50:04 +0200
Subject: [PATCH] fix(api): filter sensitive information from API response
 (#2103)

---
 api/http/handler/endpoints/endpoint_list.go  | 5 +++--
 api/http/handler/registries/registry_list.go | 7 ++++---
 api/http/handler/users/user_list.go          | 5 +++--
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/api/http/handler/endpoints/endpoint_list.go b/api/http/handler/endpoints/endpoint_list.go
index 13268b48d..3348c630e 100644
--- a/api/http/handler/endpoints/endpoint_list.go
+++ b/api/http/handler/endpoints/endpoint_list.go
@@ -27,8 +27,9 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 
 	filteredEndpoints := security.FilterEndpoints(endpoints, endpointGroups, securityContext)
 
-	for _, endpoint := range filteredEndpoints {
-		hideFields(&endpoint)
+	for idx := range filteredEndpoints {
+		hideFields(&filteredEndpoints[idx])
 	}
+
 	return response.JSON(w, filteredEndpoints)
 }
diff --git a/api/http/handler/registries/registry_list.go b/api/http/handler/registries/registry_list.go
index 158f8e3fe..9986ce820 100644
--- a/api/http/handler/registries/registry_list.go
+++ b/api/http/handler/registries/registry_list.go
@@ -22,8 +22,9 @@ func (handler *Handler) registryList(w http.ResponseWriter, r *http.Request) *ht
 
 	filteredRegistries := security.FilterRegistries(registries, securityContext)
 
-	for _, registry := range filteredRegistries {
-		hideFields(&registry)
+	for idx := range filteredRegistries {
+		hideFields(&filteredRegistries[idx])
 	}
-	return response.JSON(w, registries)
+
+	return response.JSON(w, filteredRegistries)
 }
diff --git a/api/http/handler/users/user_list.go b/api/http/handler/users/user_list.go
index 760c4ec54..945e85f10 100644
--- a/api/http/handler/users/user_list.go
+++ b/api/http/handler/users/user_list.go
@@ -22,8 +22,9 @@ func (handler *Handler) userList(w http.ResponseWriter, r *http.Request) *httper
 
 	filteredUsers := security.FilterUsers(users, securityContext)
 
-	for _, user := range filteredUsers {
-		hideFields(&user)
+	for idx := range filteredUsers {
+		hideFields(&filteredUsers[idx])
 	}
+
 	return response.JSON(w, filteredUsers)
 }