From 9aac87b758e1aa0b9734b9a499484fad96568985 Mon Sep 17 00:00:00 2001 From: Scott Miller Date: Tue, 21 Jan 2025 14:25:00 -0800 Subject: [PATCH] Support parseutil.ParsePath for sensitive values in wrapper configs (#272) * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * rollback wrapper changes until we have a tagged top level package * Improve ParsePaths behavior in errors, and add a usage comment --- go.mod | 5 +++++ go.sum | 10 ++++++++++ options.go | 25 ++++++++++++++++++++++++ options_test.go | 41 ++++++++++++++++++++++++++++++++++++++++ test-fixtures/secret.txt | 1 + 5 files changed, 82 insertions(+) create mode 100644 test-fixtures/secret.txt diff --git a/go.mod b/go.mod index f0a033c9..5a71f0cf 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/hashicorp/go-kms-wrapping/v2 go 1.20 require ( + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.9 github.com/hashicorp/go-uuid v1.0.3 github.com/mr-tron/base58 v1.2.0 github.com/stretchr/testify v1.8.4 @@ -13,8 +14,12 @@ require ( require ( github.com/davecgh/go-spew v1.1.1 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect + github.com/hashicorp/go-sockaddr v1.0.6 // indirect github.com/kr/pretty v0.3.0 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect golang.org/x/sys v0.15.0 // indirect gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 42952a68..0c615b72 100644 --- a/go.sum +++ b/go.sum @@ -2,6 +2,12 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.9 h1:FW0YttEnUNDJ2WL9XcrrfteS1xW8u+sh4ggM8pN5isQ= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.9/go.mod h1:Ll013mhdmsVDuoIXVfBtvgGJsXDYkTw1kooNcoCXuE0= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= +github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -11,12 +17,16 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= diff --git a/options.go b/options.go index 14778de5..f63199a2 100644 --- a/options.go +++ b/options.go @@ -5,6 +5,7 @@ package wrapping import ( "errors" + "github.com/hashicorp/go-secure-stdlib/parseutil" ) // GetOpts iterates the inbound Options and returns a struct @@ -154,3 +155,27 @@ func WithoutHMAC() Option { }) } } + +// ParsePaths is a helper function to take each string pointer argument and call parseutil.ParsePath, +// replacing the contents of the target string with the result if no error occurs. The function exits +// early if it encounters an error. In that case no passed fields will have been modified. +// +// If any passed pointer is nil it will be ignored. +func ParsePaths(fields ...*string) error { + newVals := make([]string, len(fields)) + for i := 0; i < len(fields); i++ { + if fields[i] != nil { + if newVal, err := parseutil.ParsePath(*fields[i], parseutil.WithNoTrimSpaces(true), parseutil.WithErrorOnMissingEnv(true)); err != nil && !errors.Is(err, parseutil.ErrNotAUrl) { + return err + } else { + newVals[i] = newVal + } + } + } + for i := 0; i < len(fields); i++ { + if fields[i] != nil { + *fields[i] = newVals[i] + } + } + return nil +} diff --git a/options_test.go b/options_test.go index fa6b2634..ffb449e3 100644 --- a/options_test.go +++ b/options_test.go @@ -112,3 +112,44 @@ func testOptionWithError(t *testing.T) Option { }) } } + +func TestParsePaths(t *testing.T) { + type options struct { + optionA string + optionB string + } + + test := options{ + optionA: "Hello, World!", + optionB: "file://test-fixtures/secret.txt", + } + if err := ParsePaths(&test.optionA, &test.optionB); err != nil { + t.Fatal(err) + } + if test.optionB != "Top Secret" { + t.Fatalf("expected TopSecret, got %s", test.optionB) + } + + // Test nil handling + test = options{ + optionA: "file://test-fixtures/secret.txt", + } + if err := ParsePaths(nil, &test.optionA, nil); err != nil { + t.Fatal(err) + } + if test.optionA != "Top Secret" { + t.Fatalf("expected TopSecret, got %s", test.optionB) + } + + // Test errors and error atomicity + test = options{ + optionA: "file://test-fixtures/secret.txt", + optionB: "file://test-fixtures/missing.txt", + } + if err := ParsePaths(&test.optionA, &test.optionB); err == nil { + t.Fatal("expected error but didn't get one") + } + if test.optionA != "file://test-fixtures/secret.txt" { + t.Fatalf("optionA was overwritten despite encountering an error") + } +} diff --git a/test-fixtures/secret.txt b/test-fixtures/secret.txt new file mode 100644 index 00000000..44ed0d3b --- /dev/null +++ b/test-fixtures/secret.txt @@ -0,0 +1 @@ +Top Secret \ No newline at end of file