From 2e0ee1b81067108249de15ee8e4ba8217b146565 Mon Sep 17 00:00:00 2001 From: sanga17 Date: Wed, 27 May 2020 16:19:22 +0530 Subject: [PATCH 1/3] Fixed problem escaping string in JSON Signed-off-by: sanga17 --- lib/chef-vault/exceptions.rb | 3 +++ lib/chef/knife/mixin/helper.rb | 30 ++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/lib/chef-vault/exceptions.rb b/lib/chef-vault/exceptions.rb index 67ee744..baefa8a 100644 --- a/lib/chef-vault/exceptions.rb +++ b/lib/chef-vault/exceptions.rb @@ -51,5 +51,8 @@ class IdMismatch < Exceptions class V1Format < Exceptions end + + class InvalidValue < Exceptions + end end end diff --git a/lib/chef/knife/mixin/helper.rb b/lib/chef/knife/mixin/helper.rb index 2212935..f109c00 100644 --- a/lib/chef/knife/mixin/helper.rb +++ b/lib/chef/knife/mixin/helper.rb @@ -27,6 +27,7 @@ def set_mode(mode) def merge_values(json, file) values = {} values.merge!(values_from_file(file)) if file + validate_json(json) values.merge!(values_from_json(json)) if json values @@ -43,6 +44,35 @@ def values_from_json(json) rescue JSON::ParserError raise JSON::ParserError, "#{json} is not valid JSON!" end + + # I/P: json string + # It checks wheather it contains any non-printable character present or not, + # If present then raises error of InvalidValue + def validate_json(json) + begin + evaled_json = eval(json) + rescue StandardError => e + puts e.message + end + + if evaled_json.is_a?(Hash) + evaled_json.each do |key, value| + next if printable?(value) + + msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings." + raise ChefVault::Exceptions::InvalidValue, msg + end + end + end + + # I/P: String + # O/P: true/false + # returns true if string is free of non-printable characters (escape sequences) + # this returns false for whitespace escape sequences as well, e.g. \n\t + def printable?(string) + return false if string =~ /[^[:print:]]/ + true + end end end end From 7551daa89605fe66e3808eb43b892668272b87f2 Mon Sep 17 00:00:00 2001 From: Sangmesh Ausekar <58020082+sanga1794@users.noreply.github.com> Date: Mon, 3 Aug 2020 18:53:55 +0530 Subject: [PATCH 2/3] updated comment message Signed-off-by: sanga17 --- lib/chef/knife/mixin/helper.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/chef/knife/mixin/helper.rb b/lib/chef/knife/mixin/helper.rb index f109c00..8752856 100644 --- a/lib/chef/knife/mixin/helper.rb +++ b/lib/chef/knife/mixin/helper.rb @@ -46,8 +46,7 @@ def values_from_json(json) end # I/P: json string - # It checks wheather it contains any non-printable character present or not, - # If present then raises error of InvalidValue + # Raises `InvalidValue` if any of the json's values contain non-printable characters. def validate_json(json) begin evaled_json = eval(json) From cd450db711d4ddda5f3e2bed7f1955f45a0b171b Mon Sep 17 00:00:00 2001 From: sanga17 Date: Fri, 30 Oct 2020 18:28:43 +0530 Subject: [PATCH 3/3] Handled syntax error also refactored code and added test cases for the changes Signed-off-by: sanga17 --- lib/chef/knife/mixin/helper.rb | 11 +++++------ spec/chef/helper_spec.rb | 24 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 6 deletions(-) create mode 100644 spec/chef/helper_spec.rb diff --git a/lib/chef/knife/mixin/helper.rb b/lib/chef/knife/mixin/helper.rb index 8752856..c60daa4 100644 --- a/lib/chef/knife/mixin/helper.rb +++ b/lib/chef/knife/mixin/helper.rb @@ -27,7 +27,6 @@ def set_mode(mode) def merge_values(json, file) values = {} values.merge!(values_from_file(file)) if file - validate_json(json) values.merge!(values_from_json(json)) if json values @@ -40,6 +39,7 @@ def values_from_file(file) end def values_from_json(json) + validate_json(json) JSON.parse(json) rescue JSON::ParserError raise JSON::ParserError, "#{json} is not valid JSON!" @@ -50,13 +50,13 @@ def values_from_json(json) def validate_json(json) begin evaled_json = eval(json) - rescue StandardError => e - puts e.message + rescue SyntaxError => e + raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!" end if evaled_json.is_a?(Hash) evaled_json.each do |key, value| - next if printable?(value) + next unless printable?(value.to_s) msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings." raise ChefVault::Exceptions::InvalidValue, msg @@ -69,8 +69,7 @@ def validate_json(json) # returns true if string is free of non-printable characters (escape sequences) # this returns false for whitespace escape sequences as well, e.g. \n\t def printable?(string) - return false if string =~ /[^[:print:]]/ - true + /[^[:print:]]/.match(string) end end end diff --git a/spec/chef/helper_spec.rb b/spec/chef/helper_spec.rb new file mode 100644 index 0000000..694f7eb --- /dev/null +++ b/spec/chef/helper_spec.rb @@ -0,0 +1,24 @@ +require "spec_helper" +require "chef/knife/mixin/helper" + +RSpec.describe ChefVault::Mixin::Helper do + include ChefVault::Mixin::Helper + + let(:json_data) { '{"username": "root", "password": "abcabc"}' } + let(:json_data_control_char) { '{"username": "root", "password": "abc\abc"}' } + let(:buggy_json_data) { '{"username": "root", "password": "abc\abc"' } + + describe "#validate_json" do + it "Raises InvalidValue Exception when invalid data provided" do + expect { validate_json(buggy_json_data) }.to raise_error(ChefVault::Exceptions::InvalidValue) + end + + it "Raises InvalidValue Exception when value consist of control characters" do + expect { validate_json(json_data_control_char) }.to raise_error(ChefVault::Exceptions::InvalidValue) + end + + it "Not to raise error if valid data provided" do + expect { validate_json(json_data) }.to_not raise_error + end + end +end \ No newline at end of file