Skip to content

Commit

Permalink
fix: fixed parsing secret path not parsing the optional value
Browse files Browse the repository at this point in the history
  • Loading branch information
tegefaulkes committed Aug 30, 2024
1 parent b7871a4 commit c2d70c1
Show file tree
Hide file tree
Showing 5 changed files with 30 additions and 40 deletions.
2 changes: 1 addition & 1 deletion src/secrets/CommandList.ts
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ class CommandList extends CommandPolykey {
this.argument(
'<directoryPath>',
'Directory to list files from, specified as <vaultName>[:<path>]',
binParsers.parseSecretName,
binParsers.parseSecretPathOptional,
);
this.addOption(binOptions.nodeId);
this.addOption(binOptions.clientHost);
Expand Down
52 changes: 24 additions & 28 deletions src/utils/parsers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@ import * as gestaltsUtils from 'polykey/dist/gestalts/utils';
import * as networkUtils from 'polykey/dist/network/utils';
import * as nodesUtils from 'polykey/dist/nodes/utils';

const vaultNameRegex = /^[\w.-]+$/;
const secretPathNameRegex = /^([\w-]+)(?::([^\0\\=]+))?$/;
const secretPathRegex = /^([\w-]+)(?::([^\0\\=]+))?$/;
const secretPathValueRegex = /^([a-zA-Z_][\w]+)?$/;
const environmentVariableRegex = /^([a-zA-Z_]+[a-zA-Z0-9_]*)?$/;

Expand Down Expand Up @@ -66,47 +65,44 @@ function parseCoreCount(v: string): number | undefined {
}
}

function parseVaultName(vaultName: string): string {
// E.g. If 'vault1, 'vault1' is returned
// If 'vault1:a/b/c', an error is thrown
if (!vaultNameRegex.test(vaultName)) {
throw new commander.InvalidArgumentError(
`${vaultName} is not of the format <vaultName>`,
);
}
// Returns match[1], or the parsed vaultName
return vaultName.match(secretPathNameRegex)![1];
}

function parseSecretName(secretPath: string): [string, string?] {
function parseSecretPathOptional(
secretPath: string,
): [string, string?, string?] {
// E.g. If 'vault1:a/b/c', ['vault1', 'a/b/c'] is returned
// If 'vault1', ['vault1, undefined] is returned
if (!secretPathNameRegex.test(secretPath)) {
// splits out everything after an `=` separator
const lastEqualIndex = secretPath.lastIndexOf('=');
const splitSecretPath =
lastEqualIndex === -1
? secretPath
: secretPath.substring(0, lastEqualIndex);
const value =
lastEqualIndex === -1
? undefined
: secretPath.substring(lastEqualIndex + 1);
if (!secretPathRegex.test(splitSecretPath)) {
throw new commander.InvalidArgumentError(
`${secretPath} is not of the format <vaultName>[:<directoryPath>]`,
`${secretPath} is not of the format <vaultName>[:<directoryPath>][=<value>]`,
);
}
// Returns [vaultName, secretName?]
const match = secretPath.match(secretPathNameRegex)!;
return [match[1], match[2] || undefined];
const [, vaultName, directoryPath] = splitSecretPath.match(secretPathRegex)!;
return [vaultName, directoryPath, value];
}

function parseSecretPath(secretPath: string): [string, string, string?] {
// E.g. If 'vault1:a/b/c', ['vault1', 'a/b/c'] is returned
// If 'vault1', an error is thrown
const [vaultName, secretName] = parseSecretName(secretPath);
const [vaultName, secretName, value] = parseSecretPathOptional(secretPath);
if (secretName === undefined) {
throw new commander.InvalidArgumentError(
`${secretPath} is not of the format <vaultName>:<directoryPath>`,
`${secretPath} is not of the format <vaultName>:<directoryPath>[=<value>]`,
);
}
return [vaultName, secretName];
return [vaultName, secretName, value];
}

function parseSecretPathValue(secretPath: string): [string, string, string?] {
const [vaultName, directoryPath] = parseSecretPath(secretPath);
const lastEqualIndex = secretPath.lastIndexOf('=');
const value = lastEqualIndex === -1 ? '' : secretPath.substring(lastEqualIndex + 1);
const [vaultName, directoryPath, value] = parseSecretPath(secretPath);
if (value != null && !secretPathValueRegex.test(value)) {
throw new commander.InvalidArgumentError(
`${value} is not a valid value name`,
Expand Down Expand Up @@ -219,13 +215,13 @@ function parseEnvArgs(
}

export {
secretPathRegex,
secretPathValueRegex,
environmentVariableRegex,
validateParserToArgParser,
validateParserToArgListParser,
parseCoreCount,
parseVaultName,
parseSecretName,
parseSecretPathOptional,
parseSecretPath,
parseSecretPathValue,
parseSecretPathEnv,
Expand Down
7 changes: 1 addition & 6 deletions src/vaults/CommandCreate.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,19 +4,14 @@ import CommandPolykey from '../CommandPolykey';
import * as binUtils from '../utils';
import * as binOptions from '../utils/options';
import * as binProcessors from '../utils/processors';
import * as binParsers from '../utils/parsers';

class CommandCreate extends CommandPolykey {
constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
super(...args);
this.name('create');
this.aliases(['touch']);
this.description('Create a new Vault');
this.argument(
'<vaultName>',
'Name of the new vault to be created',
binParsers.parseVaultName,
);
this.argument('<vaultName>', 'Name of the new vault to be created');
this.addOption(binOptions.nodeId);
this.addOption(binOptions.clientHost);
this.addOption(binOptions.clientPort);
Expand Down
3 changes: 1 addition & 2 deletions tests/secrets/env.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -764,7 +764,7 @@ describe('commandEnv', () => {
const jsonOut = JSON.parse(result.stdout);
expect(jsonOut['SECRET']).toBe('this is a secret\nit has multiple lines\n');
});
test.only.prop([
test.prop([
testUtils.secretPathEnvArrayArb,
fc.string().noShrink(),
testUtils.cmdArgsArrayArb,
Expand All @@ -773,7 +773,6 @@ describe('commandEnv', () => {
async (secretPathEnvArray, cmd, cmdArgsArray) => {
// If we don't use the optional `--` delimiter then we can't include `:` in vault names
fc.pre(!cmd.includes(':'));

let output:
| [Array<[string, string, string?]>, Array<string>]
| undefined = undefined;
Expand Down
6 changes: 3 additions & 3 deletions tests/utils/utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -88,9 +88,9 @@ async function nodesConnect(localNode: PolykeyAgent, remoteNode: PolykeyAgent) {
);
}

const secretPathWithoutEnvArb = fc
.stringMatching(binParsers.secretPathRegex)
.noShrink();
// This regex defines a vault secret path that always includes the secret path
const secretPathRegex = /^([\w-]+)(?::)([^\0\\=]+)$/;
const secretPathWithoutEnvArb = fc.stringMatching(secretPathRegex).noShrink();
const environmentVariableAre = fc
.stringMatching(binParsers.environmentVariableRegex)
.filter((v) => v.length > 0)
Expand Down

0 comments on commit c2d70c1

Please sign in to comment.