From e2fde9486f1a670cbedb76c11b40e425cece10d7 Mon Sep 17 00:00:00 2001
From: Grant Sims <37882753+sims-security@users.noreply.github.com>
Date: Mon, 8 Feb 2021 14:09:25 -0600
Subject: [PATCH 1/3] function for case-insensitive search through map

---
plugin/match.go | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/plugin/match.go b/plugin/match.go
index 2205ec5..3553be1 100644
--- a/plugin/match.go
+++ b/plugin/match.go
@@ -23,3 +23,12 @@ func match(name string, patterns []string) bool {
 }
 return false
 }
+
+func matchCaseInsensitive(name string, params map[string]string) (string, bool) {
+ for key, value := range params {
+ if strings.ToLower(key) == strings.ToLower(name) {
+ return value, true
+ }
+ }
+ return "", false
+}

From c1a5c4c55adc37ad2dd1ed2c4b4c7c3103e3a990 Mon Sep 17 00:00:00 2001
From: Grant Sims <37882753+sims-security@users.noreply.github.com>
Date: Mon, 8 Feb 2021 14:12:04 -0600
Subject: [PATCH 2/3] call new match function for pulling secret

---
plugin/plugin.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugin/plugin.go b/plugin/plugin.go
index de4fc42..6b55dc4 100644
--- a/plugin/plugin.go
+++ b/plugin/plugin.go
@@ -39,7 +39,7 @@ func (p *plugin) Find(ctx context.Context, req *secret.Request) (*drone.Secret,
 if err != nil {
 return nil, errors.New("secret not found")
 }
- value, ok := params[name]
+ value, ok := matchCaseInsensitive(name, params)
 if !ok {
 return nil, errors.New("secret key not found")
 }

From dc339cbe5d2c46b77fbdcc70faaf8da1583e849e Mon Sep 17 00:00:00 2001
From: Grant Sims <37882753+sims-security@users.noreply.github.com>
Date: Mon, 8 Feb 2021 14:14:18 -0600
Subject: [PATCH 3/3] test function for case-insensitive key->secret match

---
plugin/plugin_test.go | 42 +++++++++++++++++++++++++++
plugin/testdata/uppercase_secret.json | 13 +++++++++
2 files changed, 55 insertions(+)
create mode 100644 plugin/testdata/uppercase_secret.json
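Review bot: When the Vault secret holds two keys that differ only in case — say `Username` and `username` — the `range params` loop in `matchCaseInsensitive` returns whichever key Go's randomized map iteration visits first, so the value injected into the build is nondeterministic, and an exactly-matching key no longer takes precedence over a merely case-folded one. A secret lookup should be deterministic: index the exact key first, then fold case with `strings.EqualFold` (which also drops the two `ToLower` allocations per iteration), and treat more than one case-folded hit as not found rather than picking one at random. The `(string, bool)` signature is kept so the call site in Find needs no change; a doc comment stating the precedence (exact match, then a unique case-insensitive match) would help the next reader.

```go
// matchCaseInsensitive returns the value stored under name, preferring an
// exact key and falling back to a case-insensitive match only when exactly
// one key folds to name. Ambiguous (and missing) names report false.
func matchCaseInsensitive(name string, params map[string]string) (string, bool) {
	// An exact key always wins, so a case-folded neighbour cannot shadow it.
	if value, ok := params[name]; ok {
		return value, true
	}
	var (
		value string
		hits  int
	)
	for key, v := range params {
		if strings.EqualFold(key, name) {
			value = v
			hits++
		}
	}
	// Two keys folding to the same name are ambiguous; refuse rather than
	// let map iteration order choose which secret the build receives.
	if hits != 1 {
		return "", false
	}
	return value, true
}
```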
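Review bot: The replaced line in Find turns a plain map index into a helper with a wider contract, but nothing at the call site says so, and Find's body begins and ends outside this hunk. A one-line comment above the call keeps the behaviour discoverable for whoever next reads Find: `// Vault keys are matched case-insensitively, so the requested name need not match the stored key's case.` If the helper is later made to refuse ambiguous names, note here too that `!ok` then covers both "absent" and "ambiguous", since the error returned is the same `secret key not found` for both.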
diff --git a/plugin/plugin_test.go b/plugin/plugin_test.go
index d53a3db..57516c6 100644
--- a/plugin/plugin_test.go
+++ b/plugin/plugin_test.go
@@ -242,3 +242,45 @@ func TestPlugin_KeyNotFound(t *testing.T) {
 return
 }
 }
+
+func TestPlugin_FindMismatchCase(t *testing.T) {
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ out, _ := ioutil.ReadFile("testdata/uppercase_secret.json")
+ w.Write(out)
+ }))
+ defer ts.Close()
+
+ client, _ := api.NewClient(&api.Config{
+ Address: ts.URL,
+ MaxRetries: 1,
+ })
+
+ req := &secret.Request{
+ Path: "secret/docker",
+ Name: "USERNAME",
+ Build: drone.Build{
+ Event: "push",
+ Target: "master",
+ },
+ Repo: drone.Repo{
+ Slug: "octocat/hello-world",
+ },
+ }
+ plugin := New(client)
+ got, err := plugin.Find(noContext, req)
+ if err != nil {
+ t.Error(err)
+ return
+ }
+
+ want := &drone.Secret{
+ Name: "USERNAME",
+ Data: "david",
+ Pull: true,
+ Fork: true,
+ }
+ if diff := cmp.Diff(got, want); diff != "" {
+ t.Errorf(diff)
+ return
+ }
+}
diff --git a/plugin/testdata/uppercase_secret.json b/plugin/testdata/uppercase_secret.json
new file mode 100644
index 0000000..f16e5ad
--- /dev/null
+++ b/plugin/testdata/uppercase_secret.json
@@ -0,0 +1,13 @@
+{
+ "data": {
+ "Username": "david",
+ "password": "BnQw&XDWgaEeT9XGTT29",
+ "X-Drone-Repos":"octocat/*",
+ "X-Drone-Events":"tag,push",
+ "X-Drone-Branches":"master",
+ "timestmap": 2764800
+ },
+ "lease_duration": 2764800,
+ "renewable": false,
+ "request_id": "5e246671-ec05-6fc8-9f93-4fe4512f34ab"
+}
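Review bot: TestPlugin_FindMismatchCase exercises a fixture with a single `Username` key, so it cannot catch the case that matters for a case-insensitive lookup: a secret holding both `Username` and `username`, where `range params` order in the new helper decides which value comes back. Add a second fixture with both keys and assert one fixed outcome (whichever precedence the implementation commits to — an exact-key match winning is the natural one), and run it with `go test -count=20` once to confirm it is stable. Separately, `out, _ := ioutil.ReadFile("testdata/uppercase_secret.json")` in the handler swallows a missing-fixture error and serves an empty body, which then surfaces as an unrelated decode failure; `out, err := ioutil.ReadFile(...)` followed by `if err != nil { t.Error(err); return }` keeps the failure readable (`t.Error` is safe from the handler goroutine, `t.Fatal` is not). This probably mirrors the existing tests above, which start outside the hunk, so it may be a file-wide cleanup rather than a change to this commit.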