From 5cf7839a42265b20ded3dbc8028337ff55bf742e Mon Sep 17 00:00:00 2001
From: Samuel Lorch
Date: Mon, 12 May 2025 19:57:59 +0200
Subject: [PATCH] move and rework secret Validation
---
helper/secret.go | 63 ++++++++++++++++++++++++++++++++++++++++++++++++
helper/util.go | 45 ----------------------------------
2 files changed, 63 insertions(+), 45 deletions(-)
create mode 100644 helper/secret.go
diff --git a/helper/secret.go b/helper/secret.go
new file mode 100644
index 0000000..f6849dc
--- /dev/null
+++ b/helper/secret.go
@@ -0,0 +1,63 @@
+package helper
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "strings"
+
+ "github.com/passbolt/go-passbolt/api"
+ "github.com/santhosh-tekuri/jsonschema"
+)
+
+func validateSecretData(rType *api.ResourceType, secretData string) error {
+ var schemaDefinition api.ResourceTypeSchema
+ definition := rType.Definition
+
+ // Fallback schema
+ if string(definition) == "[]" || string(definition) == "\"[]\"" {
+ tmp, ok := api.ResourceSchemas[rType.Slug]
+ if !ok {
+ return fmt.Errorf("Server Does not have the Required json Schema and there is no fallback available for type: %v", rType.Slug)
+ }
+ definition = tmp
+ }
+
+ err := json.Unmarshal([]byte(definition), &schemaDefinition)
+ if err != nil {
+ // Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string
+ if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" {
+ var tmp string
+ err = json.Unmarshal([]byte(definition), &tmp)
+ if err != nil {
+ return fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
+ }
+
+ err = json.Unmarshal([]byte(tmp), &schemaDefinition)
+ if err != nil {
+ return fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
+ }
+
+ } else {
+ return fmt.Errorf("Unmarshal Json Schema: %w", err)
+ }
+ }
+
+ comp := jsonschema.NewCompiler()
+
+ err = comp.AddResource("secret.json", bytes.NewReader(schemaDefinition.Secret))
+ if err != nil {
+ return fmt.Errorf("Adding Json Schema: %w", err)
+ }
+
+ schema, err := comp.Compile("secret.json")
+ if err != nil {
+ return fmt.Errorf("Compiling Json Schema: %w", err)
+ }
+
+ err = schema.Validate(strings.NewReader(secretData))
+ if err != nil {
+ return fmt.Errorf("Validating Secret Data: %w", err)
+ }
+ return nil
+}
diff --git a/helper/util.go b/helper/util.go
index 4d7a144..78b1960 100644
--- a/helper/util.go
+++ b/helper/util.go
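Review bot: The workaround branch in validateSecretData is selected by comparing `err.Error()` with a fixed encoding/json message, so any change in that wording (or in the schema type's package name) skips the string-escaped path and every such schema is rejected. Match on the error type instead: `var typeErr *json.UnmarshalTypeError` followed by `if errors.As(err, &typeErr) && typeErr.Value == "string" {`, with `errors` added to the import block. Separately, `secretData` is presumably the decrypted secret, and the validator's error is wrapped with `%w` and returned; if that library's messages echo instance values they would reach whatever logs this error, so it is worth confirming and, if they do, returning a generic message from the final `Validating Secret Data` branch. The schema appears to come from the server response (or a slug-keyed fallback the server selects), so this check guards format only and should not be treated as a trust boundary.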
@@ -1,13 +1,9 @@
 package helper
 
 import (
- "bytes"
- "encoding/json"
 "fmt"
- "strings"
 
 "github.com/passbolt/go-passbolt/api"
- "github.com/santhosh-tekuri/jsonschema"
 )
 
 func getPublicKeyByUserID(userID string, Users []api.User) (string, error) {
@@ -36,44 +32,3 @@ func getSecretByResourceID(secrets []api.Secret, resourceID string) (*api.Secret
 }
 return nil, fmt.Errorf("Cannot Find Secret for id %v", resourceID)
 }
-
-func validateSecretData(rType *api.ResourceType, secretData string) error {
- var schemaDefinition api.ResourceTypeSchema
- err := json.Unmarshal([]byte(rType.Definition), &schemaDefinition)
- if err != nil {
- // Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string
- if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" {
- var tmp string
- err = json.Unmarshal([]byte(rType.Definition), &tmp)
- if err != nil {
- return fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
- }
-
- err = json.Unmarshal([]byte(tmp), &schemaDefinition)
- if err != nil {
- return fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
- }
-
- } else {
- return fmt.Errorf("Unmarshal Json Schema: %w", err)
- }
- }
-
- comp := jsonschema.NewCompiler()
-
- err = comp.AddResource("secret.json", bytes.NewReader(schemaDefinition.Secret))
- if err != nil {
- return fmt.Errorf("Adding Json Schema: %w", err)
- }
-
- schema, err := comp.Compile("secret.json")
- if err != nil {
- return fmt.Errorf("Compiling Json Schema: %w", err)
- }
-
- err = schema.Validate(strings.NewReader(secretData))
- if err != nil {
- return fmt.Errorf("Validating Secret Data: %w", err)
- }
- return nil
-}