Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add validation for tls private key and cert file values #771

Merged
merged 5 commits into from
May 18, 2021

Conversation

devang-gaur
Copy link
Contributor

fixes #769

@devang-gaur devang-gaur force-pushed the fix_769 branch 7 times, most recently from 7a412d0 to 2ff24ca Compare May 11, 2021 21:01
@codecov
Copy link

codecov bot commented May 12, 2021

Codecov Report

Merging #771 (3443f9e) into master (9ac1667) will increase coverage by 0.96%.
The diff coverage is 38.88%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #771      +/-   ##
==========================================
+ Coverage   73.78%   74.75%   +0.96%     
==========================================
  Files         110      111       +1     
  Lines        3285     3324      +39     
==========================================
+ Hits         2424     2485      +61     
+ Misses        677      654      -23     
- Partials      184      185       +1     
Impacted Files Coverage Δ
pkg/http-server/start.go 0.00% <0.00%> (ø)
pkg/http-server/validate.go 100.00% <100.00%> (ø)
pkg/config/global.go 79.45% <0.00%> (-7.09%) ⬇️
pkg/writer/human_readable.go 78.68% <0.00%> (-4.08%) ⬇️
pkg/results/types.go 100.00% <0.00%> (ø)
pkg/http-server/handler.go 100.00% <0.00%> (ø)
pkg/iac-providers/output/types.go 100.00% <0.00%> (ø)
pkg/policy/opa/engine.go 65.57% <0.00%> (+0.14%) ⬆️
pkg/iac-providers/terraform/commons/load-file.go 92.30% <0.00%> (+0.30%) ⬆️
... and 3 more

@@ -100,3 +116,27 @@ func (g *APIServer) start(routes []*Route, port, certFile, privateKeyFile string
}
logger.Info("server exiting gracefully")
}

func validateFiles(privateKeyFile, certFile string) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should add unit tests for the new functions added


if privateKeyFile != "" || certFile != "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should add e2e server tests for this case

e2 := validateFileName(certFile)

if e1 != nil && e2 != nil {
return errors.Errorf("error with --key-path filename: %s, error with --cert-path flag value: %s", e1.Error(), e2.Error())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the go-errors required?
we could have wrapped errors with %w

Comment on lines 37 to 43
if privateKeyFile != "" || certFile != "" {
logger.Debugf("certfile is %s, privateKeyFile is %s", certFile, privateKeyFile)

if err := validateFiles(privateKeyFile, certFile); err != nil {
logger.Fatal(err)
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good change!

This piece of code can be moved into it's own function, this function can have more server related validations in the future.

Also, we can associate the newly created function with APIServer{}, since these are API server validations.

@@ -0,0 +1,58 @@
package httpserver
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kindly add headers to all the newly added files!

"strings"
)

func ValidateFileName(file string) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel, we can get rid of this method!

@devang-gaur devang-gaur changed the title add validation for config, tls private key and cert file values add validation for tls private key and cert file values May 18, 2021
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
3.5% 3.5% Duplication

Copy link
Contributor

@patilpankaj212 patilpankaj212 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kanchwala-yusuf kanchwala-yusuf merged commit dc0b428 into tenable:master May 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

terrascan server: validation missing for --cert-path and --key-path
3 participants