bug(workersAPI): do not allow nonprintable or uppercase name or desc (#2186)

* Send more info on KMS connect (#2182)

* Update nodeenrollment to v0.1.0

* bug(workersAPI): do not allow nonprintable or uppercase name or desc

* Put checks on create too

* Apply printable check to description in DB

* chore (worker): address PR feedback

Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Co-authored-by: Jim <jlambert@hashicorp.com>
pull/2195/head
Irena Rindos 4 years ago committed by GitHub
parent 577d8418cd
commit 06d0f99536
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -3,6 +3,7 @@ package workers
import (
"context"
"fmt"
"strings"
"github.com/hashicorp/boundary/globals"
"github.com/hashicorp/boundary/internal/daemon/controller/auth"
@ -545,6 +546,17 @@ func validateUpdateRequest(req *pbs.UpdateWorkerRequest) error {
if req.GetItem().GetConfigTags() != nil {
badFields[globals.TagsField] = "This is a read only field."
}
nameString := req.GetItem().GetName().String()
if !strutil.Printable(nameString) {
badFields[globals.NameField] = "Contains non-printable characters"
}
if strings.ToLower(nameString) != nameString {
badFields[globals.NameField] = "Must be all lowercase."
}
descriptionString := req.GetItem().GetDescription().String()
if !strutil.Printable(descriptionString) {
badFields[globals.DescriptionField] = "Contains non-printable characters."
}
return badFields
}, servers.WorkerPrefix)
}
@ -577,6 +589,17 @@ func validateCreateRequest(req *pbs.CreateWorkerLedRequest) error {
if req.GetItem().AuthorizedActions != nil {
badFields[globals.AuthorizedActionsField] = readOnlyFieldMsg
}
nameString := req.GetItem().GetName().String()
if !strutil.Printable(nameString) {
badFields[globals.NameField] = "Contains non-printable characters."
}
if strings.ToLower(nameString) != nameString {
badFields[globals.NameField] = "Must be all lowercase"
}
descriptionString := req.GetItem().GetDescription().String()
if !strutil.Printable(descriptionString) {
badFields[globals.DescriptionField] = "Contains non-printable characters."
}
return badFields
})
}

@ -708,6 +708,45 @@ func TestUpdate(t *testing.T) {
res: nil,
err: handlers.ApiErrorWithCode(codes.InvalidArgument),
},
{
name: "Invalid name- uppercase",
req: &pbs.UpdateWorkerRequest{
UpdateMask: &field_mask.FieldMask{
Paths: []string{"name", "description", "address"},
},
Item: &pb.Worker{
Name: wrapperspb.String("BADNAME"),
},
},
res: nil,
err: handlers.ApiErrorWithCode(codes.InvalidArgument),
},
{
name: "Invalid name- non-printable",
req: &pbs.UpdateWorkerRequest{
UpdateMask: &field_mask.FieldMask{
Paths: []string{"name", "description", "address"},
},
Item: &pb.Worker{
Name: wrapperspb.String("\x00"),
},
},
res: nil,
err: handlers.ApiErrorWithCode(codes.InvalidArgument),
},
{
name: "Invalid description- nonprintable",
req: &pbs.UpdateWorkerRequest{
UpdateMask: &field_mask.FieldMask{
Paths: []string{"name", "description", "address"},
},
Item: &pb.Worker{
Description: wrapperspb.String("\x00"),
},
},
res: nil,
err: handlers.ApiErrorWithCode(codes.InvalidArgument),
},
}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {

@ -53,16 +53,18 @@ create table server_worker (
references iam_scope_global(scope_id)
on delete cascade
on update cascade,
description wt_description,
description wt_description
constraint description_only_has_printable_characters
check (description is null or description !~ '[^[:print:]]'),
name wt_name -- server_worker_scope_id_name_uq defines an appropriate uniqueness constraint for name
constraint worker_name_must_be_set_by_status
check (
type != 'kms' or name is not null
)
constraint kms_name_must_be_lowercase
check (lower(trim(name)) = name and type = 'kms')
constraint kms_name_only_has_printable_characters
check (name !~ '[^[:print:]]' and type = 'kms'),
constraint name_must_be_lowercase
check (name is null or lower(trim(name)) = name)
constraint name_only_has_printable_characters
check (name is null or name !~ '[^[:print:]]'),
address wt_network_address
constraint address_must_be_set_by_status
check (

Loading…
Cancel
Save