Validate action provided to the sign command
This change also updates the CLI to uppercase the action to ensure that
it is a valid action. If the action is lowercase, the signed URL is not
valid.

[finishes #167978647](https://www.pivotaltracker.com/story/show/167978647)

Co-authored-by: Rebecca Putinski <[email protected]>
jfmyers9 and h4xnoodle committed Oct 31, 2019
1 parent b7cee12 commit de0da4b
Showing 3 changed files with 27 additions and 5 deletions.
3 changes: 2 additions & 1 deletion client/client.go
@@ -20,10 +20,11 @@ import (
"context"
"errors"
"fmt"
"golang.org/x/oauth2/google"
"io"
"time"

"golang.org/x/oauth2/google"

"log"

"cloud.google.com/go/storage"
14 changes: 10 additions & 4 deletions integration/gcs_static_test.go
@@ -17,11 +17,12 @@
package integration

import (
"net/http"
"strings"

"github.com/cloudfoundry/bosh-gcscli/config"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"net/http"
"strings"
)

var _ = Describe("Integration", func() {
@@ -43,9 +44,14 @@ var _ = Describe("Integration", func() {
AssertLifecycleWorks(gcsCLIPath, ctx)
})

It("validates the action is valid", func() {
session, err := RunGCSCLI(gcsCLIPath, ctx.ConfigPath, "sign", ctx.GCSFileName, "not-valid", "1h")
Expect(err).NotTo(HaveOccurred())
Expect(session.ExitCode()).ToNot(Equal(0))
})

It("can generate a signed url for a given object and action", func() {
session, err := RunGCSCLI(gcsCLIPath, ctx.ConfigPath,
"sign", ctx.GCSFileName, "PUT", "1h")
session, err := RunGCSCLI(gcsCLIPath, ctx.ConfigPath, "sign", ctx.GCSFileName, "put", "1h")

Expect(err).ToNot(HaveOccurred())
Expect(session.ExitCode()).To(Equal(0))
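Review bot: The new "validates the action is valid" spec asserts only a non-zero exit code, so it passes for any failure of the binary (unreadable config, wrong argument count) and not specifically for the action check. Assuming `session` is a gexec session, it should also pin the message written to stderr, e.g. `Expect(string(session.Err.Contents())).To(ContainSubstring("invalid signing action"))`. The positive spec was switched from "PUT" to "put", which leaves the already-uppercase input and the GET and DELETE actions without coverage; looping over a small list of actions would cover both casings. The last It block continues outside the hunk.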
15 changes: 15 additions & 0 deletions main.go
@@ -20,7 +20,9 @@ import (
"flag"
"fmt"
"log"
"net/http"
"os"
"strings"
"time"

"github.com/cloudfoundry/bosh-gcscli/client"
@@ -180,6 +182,12 @@ func main() {

id, action, expiry := nonFlagArgs[1], nonFlagArgs[2], nonFlagArgs[3]

action = strings.ToUpper(action)
err = validateAction(action)
if err != nil {
log.Fatal(err)
}

var expiryDuration time.Duration
expiryDuration, err = time.ParseDuration(expiry)
if err != nil {
@@ -199,3 +207,10 @@ func main() {
log.Fatalf("performing operation %s: %s\n", cmd, err)
}
}

func validateAction(action string) error {
if action != http.MethodGet && action != http.MethodPut && action != http.MethodDelete {
return fmt.Errorf("invalid signing action: %s must be GET, PUT, or DELETE", action)
}
return nil
}
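Review bot: validateAction is the only gate on which HTTP methods the sign command will pre-authorize in a signed URL, and it has no doc comment stating that or that it expects upper-cased input; I would add `// validateAction rejects any signing action other than GET, PUT or DELETE; the caller must upper-case it first.` Its error formats the argument with `%s` after `strings.ToUpper`, so the user sees a rewritten value and an empty or whitespace-only argument is invisible; `%q` makes the rejected input unambiguous: `return fmt.Errorf("invalid signing action: %q must be GET, PUT, or DELETE", action)`. The check lives in main() only, so if the client package's signing method is reachable from other callers it presumably still accepts an arbitrary action string; that is not visible in this diff and is worth confirming. main() itself starts and continues outside the hunks shown.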
