Add Secret Json Schema Validation

Samuel Lorch 2023-11-24 11:07:38 +01:00
parent adaffbce7e
commit 605db2b047
4 changed files with 68 additions and 7 deletions


@ -6,14 +6,19 @@ import (
"fmt"
)
//ResourceType is the Type of a Resource
// ResourceType is the Type of a Resource
type ResourceType struct {
ID string `json:"id,omitempty"`
Slug string `json:"slug,omitempty"`
Description string `json:"description,omitempty"`
Definition json.RawMessage `json:"definition,omitempty"`
Created *Time `json:"created,omitempty"`
Modified *Time `json:"modified,omitempty"`
ID string `json:"id,omitempty"`
Slug string `json:"slug,omitempty"`
Description string `json:"description,omitempty"`
Definition string `json:"definition,omitempty"`
Created *Time `json:"created,omitempty"`
Modified *Time `json:"modified,omitempty"`
}
type ResourceTypeSchema struct {
Resource json.RawMessage `json:"resource"`
Secret json.RawMessage `json:"secret"`
}
// GetResourceTypesOptions is a placeholder for future options
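Review bot: Changing `Definition` from `json.RawMessage` to `string` alters the type of an exported field, which breaks callers that consumed it as raw JSON. It also makes decoding a ResourceType depend on the server sending the definition as a JSON-encoded string; if a server returns it as an embedded object, unmarshalling the whole struct would presumably fail. Keeping `json.RawMessage` and unquoting in the consumer only when the value starts with `"` would accept both forms. The new exported `ResourceTypeSchema` also lacks a doc comment; `// ResourceTypeSchema holds the JSON Schemas of a ResourceType definition, one for the resource and one for its secret` would match the file's style.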


@ -42,6 +42,11 @@ func CreateResource(ctx context.Context, c *api.Client, folderParentID, name, us
return "", fmt.Errorf("Marshalling Secret Data: %w", err)
}
err = validateSecretData(rType, string(secretData))
if err != nil {
return "", fmt.Errorf("Validating Secret Data: %w", err)
}
encSecretData, err := c.EncryptMessage(string(secretData))
if err != nil {
return "", fmt.Errorf("Encrypting Secret Data for User me: %w", err)
@ -223,6 +228,11 @@ func UpdateResource(ctx context.Context, c *api.Client, resourceID, name, userna
return fmt.Errorf("Unknown ResourceType: %v", rType.Slug)
}
err = validateSecretData(rType, secretData)
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
newResource.Secrets = []api.Secret{}
for _, user := range users {
var encSecretData string
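Review bot: The wrapping in CreateResource and UpdateResource repeats the prefix that validateSecretData already puts on its own error, so a failed validation reads `Validating Secret Data: Validating Secret Data: ...`; the ShareResource call site has the same duplication. Either return the helper's error unchanged (`return "", err` / `return err`) or drop the prefix on the helper's final return. Running the check before `c.EncryptMessage` is the right order, since a rejected secret is never encrypted or sent. Both function bodies start and end outside these hunks.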


@ -63,6 +63,22 @@ func ShareResource(ctx context.Context, c *api.Client, resourceID string, change
return fmt.Errorf("Decrypting Resource Secret: %w", err)
}
// Secret Validation
resource, err := c.GetResource(ctx, resourceID)
if err != nil {
return fmt.Errorf("Getting Resource: %w", err)
}
rType, err := c.GetResourceType(ctx, resource.ResourceTypeID)
if err != nil {
return fmt.Errorf("Getting ResourceType: %w", err)
}
err = validateSecretData(rType, secretData)
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
simulationResult, err := c.SimulateShareResource(ctx, resourceID, shareRequest)
if err != nil {
return fmt.Errorf("Simulate Share Resource: %w", err)
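Review bot: Validating the decrypted secret in ShareResource makes a share fail whenever the stored secret does not match its resource type's schema, although sharing does not appear to change the secret. Resources written by clients that did not validate could therefore become unshareable until they are updated, which is presumably not intended. The check also adds two API round-trips (`GetResource`, `GetResourceType`) to every share. If the check stays, the `// Secret Validation` comment should state the intent, e.g. `// Refuse to share a secret that does not match its resource type's schema (fetches the resource and its type)`. ShareResource starts and ends outside the hunk, so whether the resource is already loaded earlier cannot be seen from here.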


@ -1,9 +1,13 @@
package helper
import (
"bytes"
"encoding/json"
"fmt"
"strings"
"github.com/passbolt/go-passbolt/api"
"github.com/santhosh-tekuri/jsonschema"
)
func getPublicKeyByUserID(userID string, Users []api.User) (string, error) {
@ -32,3 +36,29 @@ func getSecretByResourceID(secrets []api.Secret, resourceID string) (*api.Secret
}
return nil, fmt.Errorf("Cannot Find Secret for id %v", resourceID)
}
func validateSecretData(rType *api.ResourceType, secretData string) error {
var schemaDefinition api.ResourceTypeSchema
err := json.Unmarshal([]byte(rType.Definition), &schemaDefinition)
if err != nil {
return fmt.Errorf("Unmarshal Json Schema: %w", err)
}
comp := jsonschema.NewCompiler()
err = comp.AddResource("secret.json", bytes.NewReader(schemaDefinition.Secret))
if err != nil {
return fmt.Errorf("Adding Json Schema: %w", err)
}
schema, err := comp.Compile("secret.json")
if err != nil {
return fmt.Errorf("Compiling Json Schema: %w", err)
}
err = schema.Validate(strings.NewReader(secretData))
if err != nil {
return fmt.Errorf("Validating Secret Data: %w", err)
}
return nil
}
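Review bot: validateSecretData wraps the schema validator's message into the error it returns, and such messages can describe the rejected instance (lengths, and possibly values for numeric or enum constraints), so details of the plaintext secret may reach wherever callers log or display the error. Consider returning a fixed message on the final return, e.g. `return fmt.Errorf("Validating Secret Data: secret does not match the resource type schema")`, and exposing the detail only on explicit request. The function also dereferences `rType` without a nil check, and it passes `schemaDefinition.Secret` to `comp.AddResource` even when the definition has no `secret` entry; a guard such as `if len(schemaDefinition.Secret) == 0 { return fmt.Errorf("ResourceType has no Secret Schema") }` would fail with a clear reason. Since the schema is supplied by the server and compiled on every call, a short doc comment stating that the definition is treated as server-trusted input would help the next reader.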