Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add validation for tls private key and cert file values #771

Merged
merged 5 commits into from
May 18, 2021
Merged

add validation for tls private key and cert file values #771

merged 5 commits into from
May 18, 2021

Conversation

devang-gaur
Copy link
Contributor

fixes #769

@devang-gaur devang-gaur force-pushed the fix_769 branch 7 times, most recently from 7a412d0 to 2ff24ca Compare May 11, 2021 21:01
@codecov
Copy link

codecov bot commented May 12, 2021
edited
Loading

Codecov Report

Merging #771 (3443f9e) into master (9ac1667) will increase coverage by 0.96%.
The diff coverage is 38.88%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #771      +/-   ##
==========================================
+ Coverage   73.78%   74.75%   +0.96%     
==========================================
  Files         110      111       +1     
  Lines        3285     3324      +39     
==========================================
+ Hits         2424     2485      +61     
+ Misses        677      654      -23     
- Partials      184      185       +1
Impacted Files Coverage Δ
pkg/http-server/start.go 0.00% <0.00%> (ø)
pkg/http-server/validate.go 100.00% <100.00%> (ø)
pkg/config/global.go 79.45% <0.00%> (-7.09%) ⬇️
pkg/writer/human_readable.go 78.68% <0.00%> (-4.08%) ⬇️
pkg/results/types.go 100.00% <0.00%> (ø)
pkg/http-server/handler.go 100.00% <0.00%> (ø)
pkg/iac-providers/output/types.go 100.00% <0.00%> (ø)
pkg/policy/opa/engine.go 65.57% <0.00%> (+0.14%) ⬆️
pkg/iac-providers/terraform/commons/load-file.go 92.30% <0.00%> (+0.30%) ⬆️
... and 3 more

patilpankaj212
patilpankaj212 suggested changes May 13, 2021
View reviewed changes
pkg/http-server/start.go Outdated
@@ -100,3 +116,27 @@ func (g *APIServer) start(routes []*Route, port, certFile, privateKeyFile string
}
logger.Info("server exiting gracefully")
}

func validateFiles(privateKeyFile, certFile string) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should add unit tests for the new functions added

pkg/http-server/start.go Outdated

if privateKeyFile != "" || certFile != "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should add e2e server tests for this case

pkg/http-server/start.go Outdated
e2 := validateFileName(certFile)

if e1 != nil && e2 != nil {
return errors.Errorf("error with --key-path filename: %s, error with --cert-path flag value: %s", e1.Error(), e2.Error())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the go-errors required?
we could have wrapped errors with %w

kanchwala-yusuf
kanchwala-yusuf suggested changes May 13, 2021
View reviewed changes
pkg/http-server/start.go Outdated
Comment on lines 37 to 43
if privateKeyFile != "" || certFile != "" {
logger.Debugf("certfile is %s, privateKeyFile is %s", certFile, privateKeyFile)

if err := validateFiles(privateKeyFile, certFile); err != nil {
logger.Fatal(err)
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good change!

This piece of code can be moved into it's own function, this function can have more server related validations in the future.

Also, we can associate the newly created function with APIServer{}, since these are API server validations.

kanchwala-yusuf
kanchwala-yusuf reviewed May 17, 2021
View reviewed changes
pkg/http-server/helpers_test.go Outdated
@@ -0,0 +1,58 @@
package httpserver
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kindly add headers to all the newly added files!

pkg/utils/file.go Outdated
"strings"
)

func ValidateFileName(file string) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel, we can get rid of this method!

@devang-gaur devang-gaur changed the title add validation for config, tls private key and cert file values add validation for tls private key and cert file values May 18, 2021
@sonarcloud
Copy link

sonarcloud bot commented May 18, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
3.5% 3.5% Duplication

patilpankaj212
patilpankaj212 approved these changes May 18, 2021
View reviewed changes
Copy link
Contributor

@patilpankaj212 patilpankaj212 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kanchwala-yusuf kanchwala-yusuf merged commit dc0b428 into tenable:master May 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kanchwala-yusuf kanchwala-yusuf kanchwala-yusuf approved these changes

@patilpankaj212 patilpankaj212 patilpankaj212 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

terrascan server: validation missing for --cert-path and --key-path
3 participants
@devang-gaur @patilpankaj212 @kanchwala-yusuf