validations

hashicorp · Oct 14, 2024 · d6fd291 · d6fd291
1 parent 6e4718d
commit d6fd291
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 1 deletion.
diff --git a/ui/app/models/kv/data.js b/ui/app/models/kv/data.js
@@ -8,7 +8,11 @@ import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
 import { withModelValidations } from 'vault/decorators/model-validations';
 import { withFormFields } from 'vault/decorators/model-form-fields';
 import { isDeleted } from 'kv/utils/kv-deleted';
-import { WHITESPACE_WARNING } from 'vault/utils/model-helpers/validators';
+import {
+  DATA_OCTET_WARNING,
+  FORWARD_SLASH_WARNING,
+  WHITESPACE_WARNING,
+} from 'vault/utils/model-helpers/validators';
 
 /* sample response
 {
@@ -39,6 +43,16 @@ const validations = {
       message: WHITESPACE_WARNING('path'),
       level: 'warn',
     },
+    {
+      type: 'containsDataOctet',
+      message: DATA_OCTET_WARNING('path'),
+      level: 'warn',
+    },
+    {
+      type: 'containsForwardSlash',
+      message: FORWARD_SLASH_WARNING('path'),
+      level: 'warn',
+    },
   ],
   secretData: [
     {

diff --git a/ui/app/utils/model-helpers/validators.js b/ui/app/utils/model-helpers/validators.js
@@ -36,6 +36,14 @@ export const containsWhiteSpace = (value) => {
   return !hasWhitespace(value);
 };
 
+export const containsDataOctet = (value) => {
+  return !hasDataOctet(value);
+};
+
+export const containsForwardSlash = (value) => {
+  return !hasForwardSlash(value);
+};
+
 export const endsInSlash = (value) => {
   const validation = new RegExp('/$');
   return !validation.test(value);
@@ -51,6 +59,22 @@ export const hasWhitespace = (value) => {
   return validation.test(value);
 };
 
+export const hasDataOctet = (value) => {
+  // A percent-encoded data octet is a character triplet that represents a byte's numeric value in a Uniform Resource Identifier (URI):
+  // Format: A percent sign (%) followed by two hexadecimal digits
+  // Example: The percent-encoding for / is %2f
+  // In KVv2 we want to warn users that their secret path includes a percent-encoded data octet and that we will not transform it
+  const regex = /%([0-9A-Fa-f]{2})/g;
+  return !!value.match(regex);
+};
+
+export const hasForwardSlash = (value) => {
+  // only show if forward slash is not the last value. If it's the last value the endsInSlash validator will catch it.
+  const notLastChar = value.slice(0, -1);
+  const regex = /\//g;
+  return regex.test(notLastChar);
+};
+
 // HTML form inputs transform values to a string type
 // this returns if the value can be evaluated as non-string, i.e. "null"
 export const isNonString = (value) => {
@@ -68,6 +92,14 @@ export const WHITESPACE_WARNING = (item) =>
     item
   )} contains whitespace. If this is desired, you'll need to encode it with %20 in API requests.`;
 
+export const DATA_OCTET_WARNING = (item) =>
+  `${capitalize(item)} contains a percent encoded data octet. The UI will not decode this.`;
+
+export const FORWARD_SLASH_WARNING = (item) =>
+  `${capitalize(
+    item
+  )} contains a forward slash. The UI will interpret this as the name of a directory. Example: foo/bar where foo will be the directory name and foo the secret path.`;
+
 export const NON_STRING_WARNING =
   'This value will be saved as a string. If you need to save a non-string value, please use the JSON editor.';
 
@@ -76,6 +108,8 @@ export default {
   length,
   number,
   containsWhiteSpace,
+  containsDataOctet,
+  containsForwardSlash,
   endsInSlash,
   isNonString,
   hasWhitespace,