allow null types in batch encryption [VAULT-849] (#10386)

* allow null types in batch encryption

* don't allow plaintext to be null
Hridoy Roy 2020-11-23 11:55:08 -08:00 committed by GitHub
parent 22d55c00e6
commit 2c4e299391
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 4 deletions


@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"reflect"
"github.com/hashicorp/errwrap" "github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/framework"
@ -154,7 +155,8 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
} }
if v, has := item["context"]; has { if v, has := item["context"]; has {
if casted, ok := v.(string); ok { if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(string); ok {
(*dst)[i].Context = casted (*dst)[i].Context = casted
} else { } else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].context' expected type 'string', got unconvertible type '%T'", i, item["context"])) errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].context' expected type 'string', got unconvertible type '%T'", i, item["context"]))
@ -162,13 +164,15 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
} }
if v, has := item["ciphertext"]; has { if v, has := item["ciphertext"]; has {
if casted, ok := v.(string); ok { if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(string); ok {
(*dst)[i].Ciphertext = casted (*dst)[i].Ciphertext = casted
} else { } else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].ciphertext' expected type 'string', got unconvertible type '%T'", i, item["ciphertext"])) errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].ciphertext' expected type 'string', got unconvertible type '%T'", i, item["ciphertext"]))
} }
} }
// don't allow "null" to be passed in for the plaintext value
if v, has := item["plaintext"]; has { if v, has := item["plaintext"]; has {
if casted, ok := v.(string); ok { if casted, ok := v.(string); ok {
(*dst)[i].Plaintext = casted (*dst)[i].Plaintext = casted
@ -178,7 +182,8 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
} }
if v, has := item["nonce"]; has { if v, has := item["nonce"]; has {
if casted, ok := v.(string); ok { if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(string); ok {
(*dst)[i].Nonce = casted (*dst)[i].Nonce = casted
} else { } else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].nonce' expected type 'string', got unconvertible type '%T'", i, item["nonce"])) errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].nonce' expected type 'string', got unconvertible type '%T'", i, item["nonce"]))
@ -186,7 +191,8 @@ func decodeBatchRequestItems(src interface{}, dst *[]BatchRequestItem) error {
} }
if v, has := item["key_version"]; has { if v, has := item["key_version"]; has {
if casted, ok := v.(int); ok { if !reflect.ValueOf(v).IsValid() {
} else if casted, ok := v.(int); ok {
(*dst)[i].KeyVersion = casted (*dst)[i].KeyVersion = casted
} else { } else {
errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].key_version' expected type 'int', got unconvertible type '%T'", i, item["key_version"])) errs.Errors = append(errs.Errors, fmt.Sprintf("'[%d].key_version' expected type 'int', got unconvertible type '%T'", i, item["key_version"]))
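Review bot: The null check `if !reflect.ValueOf(v).IsValid() {` in the `context` branch has an empty body with no comment, and the same pattern is repeated for `ciphertext`, `nonce` and `key_version`. Because `v` is an `interface{}` read from the map, that check is true only for an untyped nil, so `if v == nil { // JSON null: treat the field as omitted` states the intent directly and makes the new `reflect` import unnecessary. A null `context` or `nonce` then leaves the field at its empty-string zero value and a null `key_version` at 0, so any rule that these must be supplied for a given key has to be enforced by the callers, which are not visible here. decodeBatchRequestItems starts and ends outside the hunks shown.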


@ -681,6 +681,11 @@ func TestTransit_decodeBatchRequestItems(t *testing.T) {
}, },
dest: []BatchRequestItem{}, dest: []BatchRequestItem{},
}, },
{
name: "src_plaintext-nil-nonce",
src: []interface{}{map[string]interface{}{"plaintext": "dGhlIHF1aWNrIGJyb3duIGZveA==", "nonce": "null"}},
dest: []BatchRequestItem{},
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
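Review bot: The added case `src_plaintext-nil-nonce` passes `"nonce": "null"`, a Go string containing the four characters null, so it takes the ordinary string path and never reaches the new nil branch. To cover the change the value should be the untyped nil, `"nonce": nil`, and a companion case with `"plaintext": nil` would pin the rule that a null plaintext is still rejected. How `dest` is compared against the decoded result is decided in the loop body, which continues outside this hunk.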