fix: long paths not parsing correctly #48

Closed
wants to merge 4 commits into from
20 changes: 11 additions & 9 deletions TestClient.go
Expand Up @@ -21,9 +21,9 @@ func main() {
// create a zap logger wrapper
zapLogger := logging.NewZapLogger(logger)

apiUrl := "https://example.com:443/BeyondTrust/api/public/v3/"
clientId := ""
clientSecret := ""
apiUrl := "https://jury2310.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3/"
clientId := "6138d050-e266-4b05-9ced-35e7dd5093ae"
Contributor


Do not push sensitive data

Contributor Author


Thanks, I tried not to commit that file. Not sure how it got in.

clientSecret := "8i7U0Yulabon8mTcOzJcltiEg4wYOhDVMerXva+Nuw8="
separator := "/"
certificate := ""
certificateKey := ""
Expand Down Expand Up @@ -54,23 +54,25 @@ func main() {
// instantiating secret obj
secretObj, _ := secrets.NewSecretObj(*authenticate, zapLogger, maxFileSecretSizeBytes)

secretPaths := []string{"fake/Client", "fake/test_file_1"}
//"oauthgrp/folder1/folder2/folder 3/folder4/folder5/folder6/text-test",
//, "oauthgrp/folder1/folder2/folder 3/folder4/folder5/folder6/TextLongPath"
secretPaths := []string{"oauthgrp/text1", "oauthgrp/folder1/folder2/secret"}

gotSecrets, _ := secretObj.GetSecrets(secretPaths, separator)

// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
zapLogger.Warn(fmt.Sprintf("%v", gotSecrets))

// getting single secret
gotSecret, _ := secretObj.GetSecret("fake/Test1", separator)
//gotSecret, _ := secretObj.GetSecret("fake/Test1", separator)

// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
zapLogger.Warn(fmt.Sprintf("Secret Test: %v", gotSecret))
//zapLogger.Warn(fmt.Sprintf("Secret Test: %v", gotSecret))

// instantiating managed account obj
manageAccountObj, _ := managed_accounts.NewManagedAccountObj(*authenticate, zapLogger)

newSecretPaths := []string{"fake/account01", "fake/account01"}
newSecretPaths := []string{"system01/managed_account01", "system02/managed_account01"}

//managedAccountList := strings.Split(paths, ",")
gotManagedAccounts, _ := manageAccountObj.GetSecrets(newSecretPaths, separator)
Expand All @@ -79,10 +81,10 @@ func main() {
zapLogger.Warn(fmt.Sprintf("%v", gotManagedAccounts))

// getting single managed account
gotManagedAccount, _ := manageAccountObj.GetSecret("fake/account04", separator)
//gotManagedAccount, _ := manageAccountObj.GetSecret("fake/account04", separator)

// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
zapLogger.Warn(fmt.Sprintf("%v", gotManagedAccount))
//zapLogger.Warn(fmt.Sprintf("%v", gotManagedAccount))

// signing out
_ = authenticate.SignOut(fmt.Sprintf("%v%v", authenticate.ApiUrl, "Auth/Signout"))
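Review bot: The literal `clientId` and `clientSecret` values in the first hunk remain readable in this pull request's commits even after the file is reverted, so the credential pair has to be revoked and reissued on the tenant named in `apiUrl`; deleting the lines does not undo the exposure. To keep the sample from ever holding real values, read them at start-up, e.g. `clientSecret := os.Getenv("PS_CLIENT_SECRET")` (placeholder variable name; needs the `os` import if the file lacks it), and stop with an error when it is empty. A secret-scanning pre-commit hook, or an ignore rule for a local working copy of this file, would catch an accidental add of this kind. main() starts and ends outside the hunks.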
14 changes: 7 additions & 7 deletions api/secrets/secrets.go
Expand Up @@ -37,9 +37,6 @@ func NewSecretObj(authentication authentication.AuthenticationObj, logger loggin

// GetSecrets returns secret value for a path and title list.
func (secretObj *SecretObj) GetSecrets(secretPaths []string, separator string) (map[string]string, error) {
if separator == "" {
separator = ""
}
return secretObj.GetSecretFlow(secretPaths, separator)
}

Expand All @@ -61,8 +58,12 @@ func (secretObj *SecretObj) GetSecretFlow(secretsToRetrieve []string, separator
for _, secretToRetrieve := range secretsToRetrieve {
secretData := strings.Split(secretToRetrieve, separator)

secretTitle := secretData[len(secretData)-1]
secretPath := secretData[0]
secretTitle := secretData[1]
if len(secretData) > 2 {
_, secretData = secretData[len(secretData)-1], secretData[:len(secretData)-1]
secretPath = strings.TrimSuffix(strings.Join(secretData, separator), separator)
}

secret, err := secretObj.SecretGetSecretByPath(secretPath, secretTitle, separator, "secrets-safe/secrets")

Expand Down Expand Up @@ -96,8 +97,6 @@ func (secretObj *SecretObj) GetSecretFlow(secretsToRetrieve []string, separator

// SecretGetSecretByPath returns secret object for a specific path, title.
func (secretObj *SecretObj) SecretGetSecretByPath(secretPath string, secretTitle string, separator string, endpointPath string) (entities.Secret, error) {
messageLog := fmt.Sprintf("%v %v", "GET", endpointPath)
secretObj.log.Debug(messageLog)

var body io.ReadCloser
var technicalError error
Expand All @@ -109,7 +108,8 @@ func (secretObj *SecretObj) SecretGetSecretByPath(secretPath string, secretTitle
params.Add("title", secretTitle)

url := fmt.Sprintf("%s%s?%s", secretObj.authenticationObj.ApiUrl, endpointPath, params.Encode())

messageLog := fmt.Sprintf("%v %v", "GET", url)
secretObj.log.Debug(messageLog)
technicalError = backoff.Retry(func() error {
body, technicalError, businessError, scode = secretObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "SecretGetSecretByPath", "")
return technicalError
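Review bot: An entry with no separator in it is not rejected before the path/title split in the second hunk (GetSecretFlow): `strings.Split` then returns a single element, so `secretData[1]` is out of range and `secretData[len(secretData)-1]` is the same string as `secretPath` (the page prints both `secretTitle` lines without marking which one is added). Unless ValidatePaths already filters such entries on every route into this loop (not visible here), guard first with `if len(secretData) < 2 {`, a warning, and `continue`. The same split is duplicated in ValidatePaths in api/utils/validator.go; one shared helper built on `strings.LastIndex(secretToRetrieve, separator)` would keep the validated path and the requested path from drifting apart. GetSecretFlow's body starts and ends outside the hunk.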
1 change: 1 addition & 0 deletions api/utils/httpclient.go
Expand Up @@ -27,6 +27,7 @@ func GetHttpClient(clientTimeOut int, verifyCa bool, certificate string, certifi
certi, err := tls.X509KeyPair([]byte(certificate), []byte(certificate_key))

if err != nil {
logger.Error("issue parsing certificate public/private key pair of PEM encoded data.")
return nil, err
}
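Review bot: The added `logger.Error` line drops `err`, so the log cannot tell a malformed PEM block from a private key that does not match the certificate. Appending the error text, e.g. `logger.Error("parsing certificate key pair: " + err.Error())`, keeps the entry useful; as far as I know the errors from `tls.X509KeyPair` name the failure rather than echo the input, and the certificate and key strings themselves should stay out of the log as they do now. The error is also returned, so if the caller logs it too the failure will be reported twice. GetHttpClient's body continues outside the hunk.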

14 changes: 8 additions & 6 deletions api/utils/validator.go
Expand Up @@ -40,7 +40,7 @@ func ValidateInputs(clientId string, clientSecret string, apiUrl string, clientT
}

if *maxFileSecretSizeBytes == 0 {
*maxFileSecretSizeBytes = 4000
*maxFileSecretSizeBytes = 4000000
}

validate = validator.New(validator.WithRequiredStructEnabled())
Expand Down Expand Up @@ -109,7 +109,7 @@ func ValidateInputs(clientId string, clientSecret string, apiUrl string, clientT
return err
}

message = fmt.Sprintf("Library settings: ApiUrl=%v, ClientTimeOutinSeconds=%v, Separator=%v, VerifyCa=%v", userInput.ApiUrl, userInput.ClientTimeOutinSeconds, userInput.Separator, userInput.VerifyCa)
message = fmt.Sprintf("Library settings: ClientId=%v, ApiUrl=%v, ClientTimeOutinSeconds=%v, Separator=%v, VerifyCa=%v, MaxFileSecretSizeBytes=%v, UsingCertificate=%v", userInput.ClientId, userInput.ApiUrl, userInput.ClientTimeOutinSeconds, userInput.Separator, userInput.VerifyCa, userInput.MaxFileSecretSizeBytes, certificate != "")
logger.Debug(message)
return nil
}
Expand All @@ -133,8 +133,13 @@ func ValidatePaths(secretPaths []string, isManagedAccount bool, separator string

secretData := strings.Split(secretToRetrieve, separator)

name := secretData[len(secretData)-1]
path := secretData[0]
name := secretData[1]
if len(secretData) > 2 {
secretData[len(secretData)-1] = ""
path = strings.TrimSuffix(strings.Join(secretData, separator), separator)
}

maxPath := maxPathLength
maxName := maxTitleLength
invalidPathName := "path"
Expand All @@ -147,9 +152,6 @@ func ValidatePaths(secretPaths []string, isManagedAccount bool, separator string
invalidName = "account name"
}

path = strings.TrimSpace(path)
name = strings.TrimSpace(name)

if len(path) > maxPath || path == "" {
message := fmt.Sprintf("Invalid %s length=%v, valid length between 1 and %v, this secret will be skipped.", invalidPathName, len(path), maxName)
logger.Warn(message)
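Review bot: With the two `strings.TrimSpace` calls removed in the last hunk (it shrinks from 9 lines to 6 with nothing added), a path or name made only of spaces no longer trips the `path == ""` check in ValidatePaths and is presumably passed on as a lookup key. If the trimming was dropped so that the validated value matches what is later requested, test the trimmed form without reassigning it: `if len(path) > maxPath || strings.TrimSpace(path) == "" {`, and likewise in the name check, which is outside the hunk. The warning on the next line also prints `maxName` as the upper bound where the comparison uses `maxPath`. ValidatePaths starts and ends outside the hunk.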