mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 17:52:32 +00:00
Fix potential panic in audit during header formatting (#22694)
This commit is contained in:
Peter Wilson
@@ -5,6 +5,7 @@ package audit
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
@@ -150,9 +151,13 @@ func WithHMACAccessor(h bool) Option {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// WithHeaderFormatter provides an Option to supply a HeaderFormatter.
|
// WithHeaderFormatter provides an Option to supply a HeaderFormatter.
|
||||||
|
// If the HeaderFormatter interface supplied is nil (type or value), the option will not be applied.
|
||||||
func WithHeaderFormatter(f HeaderFormatter) Option {
|
func WithHeaderFormatter(f HeaderFormatter) Option {
|
||||||
return func(o *options) error {
|
return func(o *options) error {
|
||||||
o.withHeaderFormatter = f
|
if f != nil && !reflect.ValueOf(f).IsNil() {
|
||||||
|
o.withHeaderFormatter = f
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@
|
|||||||
package audit
|
package audit
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -361,6 +362,45 @@ func TestOptions_WithOmitTime(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestOptions_WithHeaderFormatter exercises the WithHeaderFormatter Option to
|
||||||
|
// ensure it applies the option as expected under various circumstances.
|
||||||
|
func TestOptions_WithHeaderFormatter(t *testing.T) {
|
||||||
|
tests := map[string]struct {
|
||||||
|
Value HeaderFormatter
|
||||||
|
ExpectedValue HeaderFormatter
|
||||||
|
ShouldLeaveUninitialized bool
|
||||||
|
}{
|
||||||
|
"nil": {
|
||||||
|
Value: nil,
|
||||||
|
ExpectedValue: nil,
|
||||||
|
},
|
||||||
|
"unassigned-interface": {
|
||||||
|
ShouldLeaveUninitialized: true,
|
||||||
|
},
|
||||||
|
"happy-path": {
|
||||||
|
Value: &testHeaderFormatter{},
|
||||||
|
ExpectedValue: &testHeaderFormatter{},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for name, tc := range tests {
|
||||||
|
name := name
|
||||||
|
tc := tc
|
||||||
|
t.Run(name, func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
opts := &options{}
|
||||||
|
var f HeaderFormatter
|
||||||
|
if !tc.ShouldLeaveUninitialized {
|
||||||
|
f = tc.Value
|
||||||
|
}
|
||||||
|
applyOption := WithHeaderFormatter(f)
|
||||||
|
err := applyOption(opts)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Equal(t, tc.ExpectedValue, opts.withHeaderFormatter)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// TestOptions_Default exercises getDefaultOptions to assert the default values.
|
// TestOptions_Default exercises getDefaultOptions to assert the default values.
|
||||||
func TestOptions_Default(t *testing.T) {
|
func TestOptions_Default(t *testing.T) {
|
||||||
opts := getDefaultOptions()
|
opts := getDefaultOptions()
|
||||||
@@ -485,3 +525,12 @@ func TestOptions_Opts(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// testHeaderFormatter is a stub to prevent the need to import the vault package
|
||||||
|
// to bring in vault.AuditedHeadersConfig for testing.
|
||||||
|
type testHeaderFormatter struct{}
|
||||||
|
|
||||||
|
// ApplyConfig satisfied the HeaderFormatter interface for testing.
|
||||||
|
func (f *testHeaderFormatter) ApplyConfig(ctx context.Context, headers map[string][]string, salter Salter) (result map[string][]string, retErr error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|||||||
3
changelog/22694.txt
Normal file
3
changelog/22694.txt
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
```release-note:bug
|
||||||
|
audit: Prevent panic due to nil pointer receiver for audit header formatting.
|
||||||
|
```
|
||||||
Reference in New Issue
Block a user