From 858008cd253cdf514a366c2f734d4a5cf51c2df8 Mon Sep 17 00:00:00 2001 From: "clairebontempo@gmail.com" Date: Mon, 11 Mar 2024 14:09:45 -0500 Subject: [PATCH 1/2] remove leading slash from kv secret path --- ui/app/utils/kv-path.ts | 7 +++++-- ui/lib/core/app/utils/sanitize-path.js | 2 +- ui/tests/unit/utils/kv-path-test.js | 20 +++++++++++++++++++- 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/ui/app/utils/kv-path.ts b/ui/app/utils/kv-path.ts index 116a5c0c219a..0ee8479747fc 100644 --- a/ui/app/utils/kv-path.ts +++ b/ui/app/utils/kv-path.ts @@ -8,10 +8,13 @@ * Additional methods for building URLs for other KV-V2 actions */ +import { sanitizeStart } from 'core/utils/sanitize-path'; import { encodePath } from 'vault/utils/path-encoding-helpers'; -function buildKvPath(backend: string, path: string, type: string, version?: number | string) { - const url = `${encodePath(backend)}/${type}/${encodePath(path)}`; +// only exported for testing +export function buildKvPath(backend: string, path: string, type: string, version?: number | string) { + const sanitizedPath = sanitizeStart(path); // removing leading slashes + const url = `${encodePath(backend)}/${type}/${encodePath(sanitizedPath)}`; return version ? `${url}?version=${version}` : url; } diff --git a/ui/lib/core/app/utils/sanitize-path.js b/ui/lib/core/app/utils/sanitize-path.js index 27a0db30e1c6..453e195254bb 100644 --- a/ui/lib/core/app/utils/sanitize-path.js +++ b/ui/lib/core/app/utils/sanitize-path.js @@ -3,4 +3,4 @@ * SPDX-License-Identifier: BUSL-1.1 */ -export { ensureTrailingSlash, sanitizePath, getRelativePath } from 'core/utils/sanitize-path'; +export { ensureTrailingSlash, sanitizePath, sanitizeStart, getRelativePath } from 'core/utils/sanitize-path'; diff --git a/ui/tests/unit/utils/kv-path-test.js b/ui/tests/unit/utils/kv-path-test.js index 2e75b12bd192..b40d0b7b2e86 100644 --- a/ui/tests/unit/utils/kv-path-test.js +++ b/ui/tests/unit/utils/kv-path-test.js @@ -3,10 +3,28 @@ * SPDX-License-Identifier: BUSL-1.1 */ -import { kvDataPath, kvDestroyPath, kvMetadataPath, kvUndeletePath } from 'vault/utils/kv-path'; +import { buildKvPath, kvDataPath, kvDestroyPath, kvMetadataPath, kvUndeletePath } from 'vault/utils/kv-path'; import { module, test } from 'qunit'; module('Unit | Utility | kv-path utils', function () { + test('buildKvPath encodes and sanitizes path', function (assert) { + assert.expect(4); + + assert.strictEqual( + buildKvPath('my-backend', '//my-secret/hello ', 'metadata'), + 'my-backend/metadata/my-secret/hello' + ); + assert.strictEqual( + buildKvPath('my-backend', 'my-secret/hello ', 'data'), + 'my-backend/data/my-secret/hello' + ); + assert.strictEqual( + buildKvPath('kv?engine', 'my-secret hello ', 'data'), + 'kv%3Fengine/data/my-secret%20hello' + ); + assert.strictEqual(buildKvPath('kv-engine', 'foo', 'data', 2), 'kv-engine/data/foo?version=2'); + }); + module('kvDataPath', function () { [ { From d4447dcfd291f2e2a58b2ed8b6ee761d252d1646 Mon Sep 17 00:00:00 2001 From: "clairebontempo@gmail.com" Date: Mon, 11 Mar 2024 14:17:20 -0500 Subject: [PATCH 2/2] add changelog --- changelog/25874.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/25874.txt diff --git a/changelog/25874.txt b/changelog/25874.txt new file mode 100644 index 000000000000..bf9ae37f02ba --- /dev/null +++ b/changelog/25874.txt @@ -0,0 +1,3 @@ +```release-note:improvement +ui: remove leading slash from KV version 2 secret paths +```