fix(akamai): handle non-string user data in base64 decoding (canonica…

…l#5751) Previously, user data that was base64-encoded was decoded as a string, causing non-string data (e.g., gzipped user data) to raise an exception. This change ensures that the output of b64decode is not decoded to a string, passing along the decoded bytes unchanged.
AliyevH · Oct 3, 2024 · ce80781 · ce80781
1 parent 545e9ac
commit ce80781
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 7 deletions.
diff --git a/cloudinit/sources/DataSourceAkamai.py b/cloudinit/sources/DataSourceAkamai.py
@@ -276,7 +276,7 @@ def _fetch_metadata(self, use_v6: bool = False) -> bool:
             )
             self.userdata_raw = str(userdata)
             try:
-                self.userdata_raw = b64decode(self.userdata_raw).decode()
+                self.userdata_raw = b64decode(self.userdata_raw)
             except binascii.Error as e:
                 LOG.warning("Failed to base64 decode userdata due to %s", e)
         except url_helper.UrlError as e:

diff --git a/tests/unittests/sources/test_akamai.py b/tests/unittests/sources/test_akamai.py
@@ -261,14 +261,43 @@ def test_get_network_context_managers(
                 assert rv6 == ev6
 
     @pytest.mark.parametrize(
-        "use_v6",
+        "use_v6,userdata,decoded_userdata,case",
         (
-            False,
-            True,
+            (
+                False,
+                "dGVzdGluZyBlbmNvZGVkIHVzZXJkYXRh",
+                b"testing encoded userdata",
+                "base64-encoded ASCII plaintext, IPv4 request",
+            ),
+            (
+                True,
+                "dGVzdGluZyBlbmNvZGVkIHVzZXJkYXRh",
+                b"testing encoded userdata",
+                "base64-encoded ASCII plaintext, IPv6 request",
+            ),
+            (
+                False,
+                "H4sIAAAAAAACAytJLS7hAgDGNbk7BQAAAA==",
+                b"\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\x03+I-.\xe1\x02\x00\xc65\xb9;\x05\x00\x00\x00",
+                "base64-encoded gzipped data",
+            ),
+            (
+                False,
+                "dGVzdDHwn4yKdGVzdDI=",
+                "test1\N{WATER WAVE}test2".encode("utf-8"),
+                "base64-encoded Unicode text",
+            ),
         ),
     )
     @mock.patch("cloudinit.url_helper.readurl")
-    def test_fetch_metadata(self, readurl, use_v6: bool):
+    def test_fetch_metadata(
+        self,
+        readurl,
+        use_v6: bool,
+        userdata: str,
+        decoded_userdata: str,
+        case: str,
+    ):
         """
         Tests that making requests sends the expected requests in the expected
         order
@@ -280,7 +309,7 @@ def test_fetch_metadata(self, readurl, use_v6: bool):
             # to GET /v1/instance; truncated for brevity
             '{"id": 123}',
             # to GET /v1/user-data
-            "",
+            userdata,
         ]
 
         # if we're asked to force using v6, we should see the hostname of the
@@ -292,7 +321,7 @@ def test_fetch_metadata(self, readurl, use_v6: bool):
 
         assert readurl.call_count == 3
         assert ds.metadata == {"id": 123}
-        assert ds.userdata_raw == ""
+        assert ds.userdata_raw == decoded_userdata, f"Failed to decode {case}"
 
         assert readurl.mock_calls == [
             mock.call(

diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
@@ -89,8 +89,10 @@ izzyleung
 j5awry
 jacobsalmela
 jamesottinger
+jberner12
 jcmoore3
 Jehops
+jessealter
 jf
 jfroche
 jgrassler