Merge pull request #86 from servian/secret-validate
Stricter aws_secret validation.
tristanmorgan authored Jan 18, 2022
2 parents d860cbb + f965a46 commit 90b4ed4
Showing 4 changed files with 12 additions and 6 deletions.
8 changes: 7 additions & 1 deletion lib/awskeyring/validate.rb
@@ -1,5 +1,7 @@
# frozen_string_literal: true

require 'base64'

# Awskeyring Module,
# gives you an interface to access keychains and items.
module Awskeyring
@@ -27,7 +29,11 @@ def self.access_key(aws_access_key)
#
# @param [String] aws_secret_access_key The aws_secret_access_key
def self.secret_access_key(aws_secret_access_key)
raise 'Secret Access Key is not 40 chars' if aws_secret_access_key.length != 40
begin
raise 'Invalid Secret Access Key' unless Base64.strict_decode64(aws_secret_access_key).length == 30
rescue ArgumentError
raise 'Invalid Secret Access Key'
end

aws_secret_access_key
end
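Review bot: The new check in `secret_access_key` spells `raise 'Invalid Secret Access Key'` twice and uses `rescue ArgumentError` for the ordinary bad-input path. As far as I can tell, `Base64.strict_decode64` returns 30 bytes only for exactly 40 unpadded characters of the standard alphabet, so a single anchored match expresses the same rule without the rescue: `raise 'Invalid Secret Access Key' unless aws_secret_access_key.match?(%r{\A[A-Za-z0-9+/]{40}\z})`. Whichever form is kept, the message rightly leaves out the submitted value and its length, and that should stay so the secret never reaches stderr or logs. The YARD comment above the method (it starts outside the hunk) could also gain `# @raise [RuntimeError] unless the value is 40 characters of standard Base64`.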
2 changes: 1 addition & 1 deletion man/awskeyring.5
@@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "AWSKEYRING" "5" "November 2021" "" ""
.TH "AWSKEYRING" "5" "January 2022" "" ""
.
.SH "NAME"
\fBAwskeyring\fR \- is a small tool to manage AWS account keys in the macOS Keychain
6 changes: 3 additions & 3 deletions spec/lib/awskeyring/validate_spec.rb
@@ -12,8 +12,8 @@

let(:test_broken_mfa_code) { 'mfa_code' }
let(:test_mfa_code) { '321654' }
let(:test_broken_secret) { 'AbCkTEsTAAAi8ni0987ASDFwer23j14FE' }
let(:test_secret) { 'AbCkTEsTAAAi8ni0987ASDFwer23j14FEQW3IUJV' }
let(:test_broken_secret) { 'hI7XqAiaR_XJxKgCqG0Wo79jm2+GcRYP' }
let(:test_secret) { 'vbkEXAMPLEa3TlCP2Fvmcbdp83LSaeDHtx13xc+M' }
let(:test_broken_key) { 'AKIA1234567890' }
let(:test_key) { 'AKIA1234567890ABCDEF' }

@@ -38,7 +38,7 @@
end

it 'invalidates an secret access key' do
expect { validate.secret_access_key(test_broken_secret) }.to raise_error('Secret Access Key is not 40 chars')
expect { validate.secret_access_key(test_broken_secret) }.to raise_error('Invalid Secret Access Key')
end

it 'validates an mfa code' do
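Review bot: The replacement `test_broken_secret` is both shorter than 40 characters and contains `_`, so the old length-only check would have rejected it too. The spec therefore does not pin what this commit tightens. Two more negative fixtures would cover both branches of the new validator: a 40-character value with one character outside the Base64 alphabet (the `rescue ArgumentError` path), and a well-formed Base64 string of another length (the `length == 30` path). Each needs only `expect { validate.secret_access_key(fixture) }.to raise_error('Invalid Secret Access Key')`. Keeping the `EXAMPLE` marker in the positive fixture is a good habit, since it tells secret scanners the value is not a live credential.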
2 changes: 1 addition & 1 deletion spec/lib/awskeyring_command_more_spec.rb
@@ -338,7 +338,7 @@
it 'tries to add an invalid secret' do
expect do
described_class.start(['add', 'test', '-k', access_key, '-s', bad_secret_access_key, '-m', mfa_arn])
end.to raise_error.and output(/Secret Access Key is not 40 chars/).to_stderr
end.to raise_error.and output(/Invalid Secret Access Key/).to_stderr
end
end

