Add uuid validation #41

Merged
merged 7 commits into from
Dec 14, 2021
77 changes: 74 additions & 3 deletions connect/client.go
Expand Up @@ -3,7 +3,6 @@ package connect
import (
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"io/ioutil"
Expand All @@ -12,6 +11,7 @@ import (
"os"
"path/filepath"
"reflect"
"regexp"

"github.com/opentracing/opentracing-go"
"github.com/opentracing/opentracing-go/ext"
Expand All @@ -25,6 +25,12 @@ const (
defaultUserAgent = "connect-sdk-go/%s"
)

var (
vaultUUIDError = fmt.Errorf("malformed vault uuid provided")
itemUUIDError = fmt.Errorf("malformed item uuid provided")
fileUUIDError = fmt.Errorf("malformed file uuid provided")
)

// Client Represents an available 1Password Connect API to connect to
type Client interface {
GetVaults() ([]onepassword.Vault, error)
Expand Down Expand Up @@ -135,8 +141,8 @@ func (rs *restClient) GetVaults() ([]onepassword.Vault, error) {

// GetVaults Get a list of all available vaults
func (rs *restClient) GetVault(uuid string) (*onepassword.Vault, error) {
if uuid == "" {
return nil, errors.New("no uuid provided")
if !isValidUUID(uuid) {
return nil, vaultUUIDError
}

span := rs.tracer.StartSpan("GetVault")
Expand Down Expand Up @@ -186,6 +192,13 @@ func (rs *restClient) GetVaultsByTitle(title string) ([]onepassword.Vault, error

// GetItem Get a specific Item from the 1Password Connect API
func (rs *restClient) GetItem(uuid string, vaultUUID string) (*onepassword.Item, error) {
if !isValidUUID(uuid) {
return nil, itemUUIDError
}
if !isValidUUID(vaultUUID) {
return nil, vaultUUIDError
}

span := rs.tracer.StartSpan("GetItem")
defer span.Finish()

Expand All @@ -208,6 +221,10 @@ func (rs *restClient) GetItem(uuid string, vaultUUID string) (*onepassword.Item,
}

func (rs *restClient) GetItemByTitle(title string, vaultUUID string) (*onepassword.Item, error) {
if !isValidUUID(vaultUUID) {
return nil, vaultUUIDError
}

span := rs.tracer.StartSpan("GetItemByTitle")
defer span.Finish()
items, err := rs.GetItemsByTitle(title, vaultUUID)
Expand All @@ -223,6 +240,10 @@ func (rs *restClient) GetItemByTitle(title string, vaultUUID string) (*onepasswo
}

func (rs *restClient) GetItemsByTitle(title string, vaultUUID string) ([]onepassword.Item, error) {
if !isValidUUID(vaultUUID) {
return nil, vaultUUIDError
}

span := rs.tracer.StartSpan("GetItemsByTitle")
defer span.Finish()

Expand All @@ -247,6 +268,10 @@ func (rs *restClient) GetItemsByTitle(title string, vaultUUID string) ([]onepass
}

func (rs *restClient) GetItems(vaultUUID string) ([]onepassword.Item, error) {
if !isValidUUID(vaultUUID) {
return nil, vaultUUIDError
}

span := rs.tracer.StartSpan("GetItems")
defer span.Finish()

Expand All @@ -271,6 +296,10 @@ func (rs *restClient) GetItems(vaultUUID string) ([]onepassword.Item, error) {

// CreateItem Create a new item in a specified vault
func (rs *restClient) CreateItem(item *onepassword.Item, vaultUUID string) (*onepassword.Item, error) {
if !isValidUUID(vaultUUID) {
return nil, vaultUUIDError
}

span := rs.tracer.StartSpan("CreateItem")
defer span.Finish()

Expand Down Expand Up @@ -352,6 +381,13 @@ func (rs *restClient) DeleteItem(item *onepassword.Item, vaultUUID string) error

// DeleteItem Delete a new item in a specified vault, specifying the item's uuid
func (rs *restClient) DeleteItemByID(itemUUID string, vaultUUID string) error {
if !isValidUUID(itemUUID) {
return itemUUIDError
}
if !isValidUUID(vaultUUID) {
return vaultUUIDError
}

span := rs.tracer.StartSpan("DeleteItemByID")
defer span.Finish()

Expand All @@ -374,6 +410,13 @@ func (rs *restClient) DeleteItemByID(itemUUID string, vaultUUID string) error {
}

func (rs *restClient) GetFiles(itemUUID string, vaultUUID string) ([]onepassword.File, error) {
if !isValidUUID(vaultUUID) {
return nil, vaultUUIDError
}
if !isValidUUID(itemUUID) {
return nil, itemUUIDError
}

span := rs.tracer.StartSpan("GetFiles")
defer span.Finish()

Expand All @@ -400,6 +443,16 @@ func (rs *restClient) GetFiles(itemUUID string, vaultUUID string) ([]onepassword
// GetFile Get a specific File in a specified item.
// This does not include the file contents. Call GetFileContent() to load the file's content.
func (rs *restClient) GetFile(uuid string, itemUUID string, vaultUUID string) (*onepassword.File, error) {
if !isValidUUID(uuid) {
return nil, fileUUIDError
}
if !isValidUUID(itemUUID) {
return nil, itemUUIDError
}
if !isValidUUID(vaultUUID) {
return nil, vaultUUIDError
}

span := rs.tracer.StartSpan("GetFile")
defer span.Finish()

Expand Down Expand Up @@ -546,6 +599,12 @@ func loadToStruct(item *parsedItem, config reflect.Value) error {
}

func (rs *restClient) LoadStructFromItem(i interface{}, itemUUID string, vaultUUID string) error {
if !isValidUUID(itemUUID) {
return itemUUIDError
}
if !isValidUUID(vaultUUID) {
return vaultUUIDError
}
config, err := checkStruct(i)
if err != nil {
return err
Expand All @@ -566,6 +625,10 @@ func (rs *restClient) LoadStructFromItem(i interface{}, itemUUID string, vaultUU

// LoadConfigFromItem Load configuration values based on struct tag from one 1P item
func (rs *restClient) LoadStructFromItemByTitle(i interface{}, itemTitle string, vaultUUID string) error {
if !isValidUUID(vaultUUID) {
return vaultUUIDError
}

config, err := checkStruct(i)
if err != nil {
return err
Expand Down Expand Up @@ -616,6 +679,9 @@ func (rs *restClient) LoadStruct(i interface{}) error {
if err != nil {
return err
}
if !isValidUUID(itemVault) {
return vaultUUIDError
}

key := fmt.Sprintf("%s/%s", itemVault, tag)
parsed := items[key]
Expand Down Expand Up @@ -663,3 +729,8 @@ func readResponseBody(resp *http.Response, expectedStatusCode int) ([]byte, erro
}
return body, nil
}

func isValidUUID(u string) bool {
r := regexp.MustCompile("^[a-z0-9]{26}$")
return r.MatchString(u)
}
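Review bot: UpdateItem and DeleteItem get no identifier check in this change: DeleteItem appears only in a hunk header, and the updated tests in connect/client_test.go call both with an empty vault UUID and still expect the call to reach the mocked HTTP client. If those methods build the request path from `item.ID` and `item.Vault.ID` (their bodies are outside the visible hunks), the same `isValidUUID` guard belongs there, so that every identifier is checked before it is formatted into a URL. Separately, `isValidUUID` recompiles its pattern on every call; hoist it to package scope with `var uuidPattern = regexp.MustCompile("^[a-z0-9]{26}$")` and have the function `return uuidPattern.MatchString(u)`. The three sentinel errors would also read more conventionally as `errVaultUUID`, `errItemUUID` and `errFileUUID`, built with `errors.New`.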
48 changes: 25 additions & 23 deletions connect/client_test.go
Expand Up @@ -35,6 +35,8 @@ type mockClient struct {
Dofunc func(req *http.Request) (*http.Response, error)
}

const testID = "4eh55wjehsta5f376ggwsplxs4"

func (mc *mockClient) Do(req *http.Request) (*http.Response, error) {
resp, err := mc.Dofunc(req)
if err != nil {
Expand Down Expand Up @@ -191,7 +193,7 @@ func Test_restClient_GetVault(t *testing.T) {
expectedVault := &onepassword.Vault{
Name: "Test vault",
Description: "Test Vault description",
ID: uuid.New().String(),
ID: testID,
}

mockHTTPClient.Dofunc = getVault(expectedVault)
Expand All @@ -206,13 +208,13 @@ func Test_restClient_GetVaultEmptyUUID(t *testing.T) {
mockHTTPClient.Dofunc = respondError(errResult)
_, err := testClient.GetVault("")

assert.EqualError(t, err, "no uuid provided")
assert.EqualError(t, err, "malformed vault uuid provided")
}

func Test_restClient_GetVaultError(t *testing.T) {
errResult := apiError(http.StatusNotFound, "Vault not found")
mockHTTPClient.Dofunc = respondError(errResult)
_, err := testClient.GetVault(uuid.New().String())
_, err := testClient.GetVault(testID)

assert.ErrorIs(t, err, errResult)
}
Expand All @@ -234,7 +236,7 @@ func Test_restClient_GetVaultsByTitle(t *testing.T) {

func Test_restClient_GetItem(t *testing.T) {
mockHTTPClient.Dofunc = getItem
item, err := testClient.GetItem(uuid.New().String(), uuid.New().String())
item, err := testClient.GetItem(testID, testID)

if err != nil {
t.Logf("Unable to get items: %s", err.Error())
Expand All @@ -250,7 +252,7 @@ func Test_restClient_GetItem(t *testing.T) {
func Test_restClient_GetItemNotFound(t *testing.T) {
errResult := apiError(http.StatusNotFound, "item not found")
mockHTTPClient.Dofunc = respondError(errResult)
item, err := testClient.GetItem(uuid.New().String(), uuid.New().String())
item, err := testClient.GetItem(testID, testID)

assert.ErrorIs(t, err, errResult)
if item != nil {
Expand All @@ -261,7 +263,7 @@ func Test_restClient_GetItemNotFound(t *testing.T) {

func Test_restClient_GetItems(t *testing.T) {
mockHTTPClient.Dofunc = listItems
items, err := testClient.GetItems(uuid.New().String())
items, err := testClient.GetItems(testID)

if err != nil {
t.Logf("Unable to get item: %s", err.Error())
Expand All @@ -276,7 +278,7 @@ func Test_restClient_GetItems(t *testing.T) {

func Test_restClient_GetItemsByTitle(t *testing.T) {
mockHTTPClient.Dofunc = listItems
items, err := testClient.GetItemsByTitle("test", uuid.New().String())
items, err := testClient.GetItemsByTitle("test", testID)

if err != nil {
t.Logf("Unable to get item: %s", err.Error())
Expand All @@ -293,7 +295,7 @@ func Test_restClient_GetItemByTitle(t *testing.T) {
defer reset()

mockHTTPClient.Dofunc = getItemByID
item, err := testClient.GetItemByTitle("test", uuid.New().String())
item, err := testClient.GetItemByTitle("test", testID)

if err != nil {
t.Logf("Unable to get item: %s", err.Error())
Expand All @@ -311,7 +313,7 @@ func Test_restClient_GetItemByNonUniqueTitle(t *testing.T) {
defer reset()

mockHTTPClient.Dofunc = getItemByID
item, err := testClient.GetItemByTitle("test", uuid.New().String())
item, err := testClient.GetItemByTitle("test", testID)

if err == nil {
t.Log("Expected too many items")
Expand Down Expand Up @@ -353,7 +355,7 @@ func Test_restClient_CreateItemError(t *testing.T) {

func Test_restClient_UpdateItem(t *testing.T) {
mockHTTPClient.Dofunc = updateItem
item, err := testClient.UpdateItem(generateItem(defaultVault), defaultVault)
item, err := testClient.UpdateItem(generateItem(defaultVault), "")

if err != nil {
t.Logf("Unable to update item: %s", err.Error())
Expand All @@ -370,7 +372,7 @@ func Test_restClient_UpdateItemError(t *testing.T) {
errResult := apiError(http.StatusBadRequest, "Missing required field")
mockHTTPClient.Dofunc = respondError(errResult)

item, err := testClient.UpdateItem(generateItem(defaultVault), defaultVault)
item, err := testClient.UpdateItem(generateItem(defaultVault), "")

assert.ErrorIs(t, err, errResult)
if item != nil {
Expand All @@ -381,7 +383,7 @@ func Test_restClient_UpdateItemError(t *testing.T) {

func Test_restClient_DeleteItem(t *testing.T) {
mockHTTPClient.Dofunc = deleteItem
err := testClient.DeleteItem(generateItem(defaultVault), defaultVault)
err := testClient.DeleteItem(generateItem(defaultVault), "")

if err != nil {
t.Logf("Unable to delete item: %s", err.Error())
Expand All @@ -403,7 +405,7 @@ func Test_restClient_DeleteItemError(t *testing.T) {
errResult := apiError(http.StatusNotFound, "Vault not found")
mockHTTPClient.Dofunc = respondError(errResult)

err := testClient.DeleteItem(generateItem(defaultVault), defaultVault)
err := testClient.DeleteItem(generateItem(defaultVault), "")

assert.ErrorIs(t, err, errResult)
}
Expand All @@ -419,7 +421,7 @@ func Test_restClient_DeleteItemByIdError(t *testing.T) {

func Test_restClient_GetFile(t *testing.T) {
mockHTTPClient.Dofunc = getFile
file, err := testClient.GetFile(uuid.New().String(), uuid.New().String(), uuid.New().String())
file, err := testClient.GetFile(testID, testID, testID)

assert.Nil(t, err)
assert.NotNil(t, file)
Expand All @@ -428,7 +430,7 @@ func Test_restClient_GetFile(t *testing.T) {
func Test_restClient_GetFileNotFound(t *testing.T) {
errResult := apiError(http.StatusNotFound, "File not found")
mockHTTPClient.Dofunc = respondError(errResult)
_, err := testClient.GetFile(uuid.New().String(), uuid.New().String(), uuid.New().String())
_, err := testClient.GetFile(testID, testID, testID)

assert.ErrorIs(t, err, errResult)
}
Expand Down Expand Up @@ -462,8 +464,8 @@ func Test_restClient_loadStructFromItem(t *testing.T) {
mockHTTPClient.Dofunc = getComplexItem

item := parsedItem{
vaultUUID: "",
itemUUID: "",
vaultUUID: testID,
itemUUID: testID,
}
c := testConfig{}

Expand Down Expand Up @@ -499,7 +501,7 @@ func listVaults(req *http.Request) (*http.Response, error) {
vaults := []onepassword.Vault{
{
Description: "Test Vault",
ID: uuid.New().String(),
ID: testID,
},
}

Expand Down Expand Up @@ -535,11 +537,11 @@ func generateComplexItem(vaultUUID string, itemUUID string) *onepassword.Item {
Label: "section",
}},
Fields: []*onepassword.ItemField{{
ID: uuid.New().String(),
ID: testID,
Label: "username",
Value: "wendy",
}, {
ID: uuid.New().String(),
ID: testID,
Label: "password",
Value: "appleseed",
Section: &onepassword.ItemSection{
Expand All @@ -553,7 +555,7 @@ func generateComplexItem(vaultUUID string, itemUUID string) *onepassword.Item {

func generateItem(vaultUUID string) *onepassword.Item {
return &onepassword.Item{
ID: uuid.New().String(),
ID: testID,
Vault: onepassword.ItemVault{
ID: vaultUUID,
},
Expand All @@ -579,7 +581,7 @@ func listItems(req *http.Request) (*http.Response, error) {
}

func getItemByID(req *http.Request) (*http.Response, error) {
vaultUUID := ""
vaultUUID := testID
excessPath := ""
fmt.Sscanf(req.URL.Path, "/v1/vaults/%s%s", vaultUUID, excessPath)

Expand Down Expand Up @@ -703,7 +705,7 @@ func deleteItem(req *http.Request) (*http.Response, error) {

func generateFile() *onepassword.File {
return &onepassword.File{
ID: uuid.New().String(),
ID: testID,
Name: "testfile.txt",
ContentPath: "/v1/files/xbqdtnehinocwuz23c7l7jiagy/content",
}
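Review bot: The only rejection case these tests exercise is the empty string in Test_restClient_GetVaultEmptyUUID; no test passes a non-empty identifier that violates the format, such as one with the wrong length, uppercase letters, or a path separator. The check presumably exists to keep malformed identifiers out of request paths, so a table-driven negative test per validated method would pin that behaviour and catch a later loosening of the pattern. A sketch for GetVault follows; the inputs are constructed for illustration.

```go
func Test_restClient_GetVaultMalformedUUID(t *testing.T) {
	// Constructed inputs: each one breaks the 26-character lowercase alphanumeric format.
	malformed := []string{
		"short",
		"4EH55WJEHSTA5F376GGWSPLXS4",
		testID + "x",
		"4eh55wjehsta5f376ggwsplx/4",
	}
	for _, id := range malformed {
		_, err := testClient.GetVault(id)
		assert.EqualError(t, err, "malformed vault uuid provided")
	}
}
```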