fix: support unpadded base64 input data in decode_base64_field #25817

Closed
wants to merge 2 commits into from


neufeldtech

Type of change

  • Bugfix

What does this PR do?

Adds support for decoding base64 strings that were encoded without padding.

Why is it important?

Increases compatibility and flexibility for users attempting to decode base64 strings that were encoded without padding.

Checklist

  • My code follows the style guidelines of this project
    - [ ] I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

go test ./...

Related issues

N/A

Use cases

This change allows decoding of any raw base64 input strings that were previously encoded without the standard padding character (`=`).

When attempting to decode the payload (middle) section of a JWT token, it was discovered that the decode was failing, because padding characters are not included in a JWT token string.

By adding padding to the string to be decoded, we properly prepare the string for successful decoding.

When attempting to decode the payload section of a JWT token,
it was discovered that the decode was failing, because padding
characters are not included in JWT encoding.

By adding padding to the string to be decoded, we properly
prepare the string for successful decoding.

botelastic bot added the needs_team label May 21, 2021

botelastic bot commented May 21, 2021

This pull request doesn't have a Team:<team> label.

@elasticmachine
Collaborator

❕ Build Aborted

The PR is not allowed to run in the CI yet


Build stats

  • Build Cause: Pull request #25817 opened

  • Reason: The PR is not allowed to run in the CI yet

  • Start Time: 2021-05-21T16:34:42.472+0000

  • Duration: 5 min 27 sec

  • Commit: 877342e


Steps errors: 2

Load a resource file from a shared library
  • Took 0 min 0 sec
  • Description: approval-list/elastic/beats.yml
Error signal
  • Took 0 min 0 sec
  • Description: githubPrCheckApproved: The PR is not allowed to run in the CI yet. (Only users with write permissions can do so.)


@neufeldtech neufeldtech marked this pull request as draft May 21, 2021 16:41
@neufeldtech
Author

Converted to Draft for now - I had made some assumptions about base64 padding that need further validation

@neufeldtech neufeldtech closed this Jun 2, 2021
@michaelarnauts
Contributor

@neufeldtech I'm trying exactly your use case, to decode a JWT token, but I encounter an issue where the base64 string can't be decoded. I don't see any === at the end though (I think a JWT token never has the padding at the end).

Have you found a solution in the meantime? I was inspired by this blog: https://medium.com/@guyromb/decode-jwt-traefik-access-logs-using-filebeat-95d935eb7c4f

@michaelarnauts
Contributor

The workaround by using a script to append the =-signs doesn't work with packetbeat, since the script processor isn't available there.

@michaelarnauts
Contributor

It seems that base64.RawStdEncoding.DecodeString(s) can be used for unpadded strings, but this will give issues with padded strings then.

A correct solution seems to be to strip the ='s at the end, and use base64.RawStdEncoding.DecodeString(s). That way, you don't need to calculate the number of missing =-signs.

@neufeldtech
Author

@michaelarnauts since I originally encountered this problem, I pivoted to solving my issue in a different way, hence me converting my PR to a draft when I also came across further issues. Unfortunately I don't have any other workarounds to share.

kvch pushed a commit that referenced this pull request Aug 23, 2021
…7311)

## What does this PR do?

This change allows the decoding of any raw base64 input strings that were previously encoded without standard padding character (`=`).

By stripping the padding, we can use `base64.RawStdEncoding.DecodeString` to decode the base64 string. This is easier than appending the padding characters.

Another attempt to fix this has been made in #25817, but that PR has been closed.

## Why is it important?

When attempting to decode the payload (middle) section of a JWT token, it was discovered that the decode was failing, because padding characters are not included in a JWT token string. Padding is not required in base64, so it makes sense to allow decoding both unpadded and padded strings.

Currently, there is a workaround for some beats by appending the `=`-signs in a javascript processor, but that isn't available in all beats and is an ugly workaround anyway. See https://medium.com/@guyromb/decode-jwt-traefik-access-logs-using-filebeat-95d935eb7c4f

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
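
The strip-then-raw-decode approach described in the commit message above and in the earlier comment, as an added Go example (not code from the Beats repository; the function names are hypothetical). It goes slightly beyond the page by also covering the URL-safe alphabet, because JWT segments are base64url-encoded (RFC 7515) and may contain `-` and `_`, which the standard alphabet rejects; the token is constructed sample data.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// decodeStdLenient accepts standard-alphabet base64 with or without "="
// padding: trailing "=" is stripped, then the raw (unpadded) decoder is used.
// This is deliberately lenient and also accepts surplus "=" characters.
func decodeStdLenient(s string) ([]byte, error) {
	return base64.RawStdEncoding.DecodeString(strings.TrimRight(s, "="))
}

// decodeURLLenient is the same idea for the URL-safe alphabet ("-" and "_"
// instead of "+" and "/"), which is what JWT segments use (RFC 7515).
func decodeURLLenient(s string) ([]byte, error) {
	return base64.RawURLEncoding.DecodeString(strings.TrimRight(s, "="))
}

// jwtPayload returns the decoded middle segment of a compact JWT.
// It does NOT verify the signature; treat the output as untrusted data
// suitable for logging or inspection only.
func jwtPayload(token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a three-part compact JWT")
	}
	return decodeURLLenient(parts[1])
}

func main() {
	// Constructed sample: an unsigned token built here, not a real credential.
	enc := base64.RawURLEncoding.EncodeToString
	token := enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(`{"sub":"a?b>c"}`)) + "."

	// Padded, unpadded, standard-alphabet and URL-safe inputs side by side.
	for _, in := range []string{"aGVsbG8=", "aGVsbG8", "Pz8/", "Pz8_"} {
		out, err := decodeStdLenient(in)
		fmt.Printf("std %-10q -> %q err=%v\n", in, out, err)
	}
	p, err := jwtPayload(token)
	fmt.Printf("jwt payload -> %s err=%v\n", p, err)
}
```
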
mergify bot pushed a commit that referenced this pull request Aug 23, 2021
…7311)

(cherry picked from commit 9c4f7f9)
kvch pushed a commit that referenced this pull request Aug 24, 2021
…7311) (#27554)

(cherry picked from commit 9c4f7f9)

Co-authored-by: Michaël Arnauts <michael.arnauts@gmail.com>
Icedroid pushed a commit to Icedroid/beats that referenced this pull request Nov 1, 2021
…astic#27311)
