luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

allow null types in batch encryption [VAULT-849] (#10386) 

* allow null types in batch encryption

* dont allow plaintext to be null
This commit is contained in:
Hridoy Roy 2020-11-23 11:55:08 -08:00 committed by GitHub
parent 22d55c00e6
commit 2c4e299391
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
builtin/logical/transit/path_encrypt.go
View File

@ -4,6 +4,7 @@ import (
"context"
"encoding/base64"
"fmt"
"reflect"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/sdk/framework"
@ -154,7 +155,8 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
}
if v, has := item["context"]; has {
if casted, ok := v.(string); ok {
if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(string); ok {
(*dst)[i].Context = casted
} else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].context' expected type 'string', got unconvertible type '%T'", i, item["context"]))
@ -162,13 +164,15 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
}
if v, has := item["ciphertext"]; has {
if casted, ok := v.(string); ok {
if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(string); ok {
(*dst)[i].Ciphertext = casted
} else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].ciphertext' expected type 'string', got unconvertible type '%T'", i, item["ciphertext"]))
}
}
// don't allow "null" to be passed in for the plaintext value
if v, has := item["plaintext"]; has {
if casted, ok := v.(string); ok {
(*dst)[i].Plaintext = casted
@ -178,7 +182,8 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
}
if v, has := item["nonce"]; has {
if casted, ok := v.(string); ok {
if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(string); ok {
(*dst)[i].Nonce = casted
} else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].nonce' expected type 'string', got unconvertible type '%T'", i, item["nonce"]))
@ -186,7 +191,8 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
}
if v, has := item["key_version"]; has {
if casted, ok := v.(int); ok {
if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(int); ok {
(*dst)[i].KeyVersion = casted
} else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].key_version' expected type 'int', got unconvertible type '%T'", i, item["key_version"]))

5
builtin/logical/transit/path_encrypt_test.go
View File

@ -681,6 +681,11 @@ func TestTransit_decodeBatchRequestItems(t *testing.T) {
},
dest: []BatchRequestItem{},
},
{
name: "src_plaintext-nil-nonce",
src: []interface{}{map[string]interface{}{"plaintext": "dGhlIHF1aWNrIGJyb3duIGZveA==", "nonce": "null"}},
dest: []BatchRequestItem{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {