support special characters in context signature #774

Open
wants to merge 3 commits into
base: master
4 changes: 2 additions & 2 deletions api/osb/context_signature_plugin.go
@@ -82,7 +82,7 @@ func (s *ContextSignaturePlugin) signContext(req *web.Request, next web.Handler)
return next.Handle(req)
}

reqBody, err := json.Marshal(reqBodyMap)
reqBody, err := marshalJSONNoHTMLEscape(reqBodyMap)
if err != nil {
log.C(req.Context()).Errorf("failed to marshal request body: %v", err)
return next.Handle(req)
@@ -98,7 +98,7 @@ func (cs *ContextSigner) Sign(ctx context.Context, contextMap map[string]interfa
log.C(ctx).Errorf(errorMsg)
return fmt.Errorf(errorMsg)
}
ctxByte, err := json.Marshal(contextMap)
ctxByte, err := marshalJSONNoHTMLEscape(contextMap)
if err != nil {
log.C(ctx).Errorf("failed to marshal context: %v", err)
return err
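Review bot: Neither changed call site has a test showing that a context containing `&`, `<` or `>` yields a signature that verifies against the bytes actually produced; `reqBody, err := marshalJSONNoHTMLEscape(reqBodyMap)` in signContext and `ctxByte, err := marshalJSONNoHTMLEscape(contextMap)` in Sign are only covered indirectly through the helper's unit tests. The signature is presumably computed over these serialized bytes (the signing code is outside both hunks), so a verifier that still reproduces the old `json.Marshal` escaping would reject signatures for such contexts after this change; that rollout expectation is worth stating in the description. I would also add a comment at each call, for example `// bytes that are signed must not be HTML-escaped; keep in sync with the verifier's serialization`, so nobody swaps `json.Marshal` back in. Both functions start and end outside the hunks shown.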
19 changes: 19 additions & 0 deletions api/osb/utils.go
@@ -1,7 +1,9 @@
package osb

import (
"bytes"
"context"
"encoding/json"
"fmt"
"github.com/Peripli/service-manager/pkg/client"
"github.com/Peripli/service-manager/pkg/log"
@@ -58,3 +60,20 @@ func Get(doRequestWithClient util.DoRequestWithClientFunc, brokerAPIVersion stri
return responseBytes, nil

}

func marshalJSONNoHTMLEscape(t interface{}) ([]byte, error) {
buffer := &bytes.Buffer{}
encoder := json.NewEncoder(buffer)
encoder.SetEscapeHTML(false)
if err := encoder.Encode(t); err != nil {
return nil, err
}

outputBytes := buffer.Bytes()
outputLen := len(outputBytes)
if outputLen > 0 && rune(outputBytes[outputLen-1]) == '\n' { // remove line break added by encoder.Encode (https://pkg.go.dev/encoding/json#Encoder.Encode)
return outputBytes[:outputLen-1], nil
}

return outputBytes, nil
}
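Review bot: `marshalJSONNoHTMLEscape` has no doc comment, and `SetEscapeHTML(false)` only stops the escaping of `<`, `>` and `&`: encoding/json still escapes U+2028 and U+2029 and replaces invalid UTF-8 with U+FFFD. The output therefore matches a non-Go serializer byte for byte only for those three characters, which matters because the result feeds the context signature in context_signature_plugin.go. I would document that limit, e.g. `// marshalJSONNoHTMLEscape encodes t like json.Marshal but leaves <, > and & unescaped; U+2028/U+2029 are still escaped.` The newline strip can be written as `return bytes.TrimSuffix(buffer.Bytes(), []byte("\n")), nil`, which removes the length bookkeeping and the `rune(...)` conversion.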
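--- a/api/osb/utils_test.go
+++ b/api/osb/utils_test.go
@@ -0,0 +1,57 @@
+package osb
+
+import (
+"encoding/json"
+. "github.com/onsi/ginkgo"
+. "github.com/onsi/gomega"
+)
+
+var _ = Describe("OSB Controller Utils test", func() {
+Describe("marshalJSONNoHTMLEscape", func() {
+It("keeps special characters", func() {
+inputMap := map[string]string{"ampersand": "a & b", "smallerThen": "a < b", "biggerThen": "a > b"}
+expected := []byte(`{"ampersand":"a & b","biggerThen":"a > b","smallerThen":"a < b"}`)
+notExpected := []byte(`{"ampersand":"a \u0026 b","biggerThen":"a \u003e b","smallerThen":"a \u003c b"}`)
+
+marshalNoEscapeBytes, err := marshalJSONNoHTMLEscape(inputMap)
+Expect(err).ToNot(HaveOccurred())
+Expect(marshalNoEscapeBytes).To(Equal(expected))
+
+marshalBytes, err := json.Marshal(inputMap)
+Expect(err).ToNot(HaveOccurred())
+Expect(marshalBytes).To(Equal(notExpected))
+
+Expect(marshalNoEscapeBytes).ToNot(Equal(marshalBytes))
+})
+
+It("eliminates line break added in the end", func() {
+inputMap := map[string]string{"prop": "val"}
+expected := []byte(`{"prop":"val"}`)
+
+marshalNoEscapeBytes, err := marshalJSONNoHTMLEscape(inputMap)
+Expect(err).ToNot(HaveOccurred())
+Expect(marshalNoEscapeBytes).To(Equal(expected))
+
+marshalBytes, err := json.Marshal(inputMap)
+Expect(err).ToNot(HaveOccurred())
+Expect(marshalBytes).To(Equal(expected))
+
+Expect(marshalNoEscapeBytes).To(Equal(marshalBytes))
+})
+
+It("returns empty byte array properly", func() {
+inputMap := map[string]string{}
+expected := []byte(`{}`)
+
+marshalNoEscapeBytes, err := marshalJSONNoHTMLEscape(inputMap)
+Expect(err).ToNot(HaveOccurred())
+Expect(marshalNoEscapeBytes).To(Equal(expected))
+
+marshalBytes, err := json.Marshal(inputMap)
+Expect(err).ToNot(HaveOccurred())
+Expect(marshalBytes).To(Equal(expected))
+
+Expect(marshalNoEscapeBytes).To(Equal(marshalBytes))
+})
+})
+})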
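Review bot: All three specs pass a flat `map[string]string`, so neither nested values nor the error return of `marshalJSONNoHTMLEscape` is exercised, although the callers in context_signature_plugin.go hand it the request-body and context maps. I would add a spec with a nested map that carries `&` in an inner value, and one asserting that an unencodable value (for example a channel) yields `nil` bytes and a non-nil error. The last spec's title, "returns empty byte array properly", actually checks that an empty map encodes to `{}`; `It("encodes an empty map as {}", ...)` would describe it accurately.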
14 changes: 5 additions & 9 deletions go.mod
@@ -3,15 +3,13 @@ module github.com/Peripli/service-manager
go 1.14

require (
github.com/AlekSi/gocov-xml v1.0.0 // indirect
github.com/DATA-DOG/go-sqlmock v1.3.1-0.20180720083239-852fc940e4b9
github.com/InVisionApp/go-health v2.1.0+incompatible
github.com/InVisionApp/go-logger v1.0.1
github.com/Kount/pq-timeouts v1.0.0
github.com/Microsoft/go-winio v0.4.16 // indirect
github.com/ajg/form v1.5.1 // indirect
github.com/antlr/antlr4 v0.0.0-20210105192202-5c2b686f95e1
github.com/axw/gocov v1.1.0 // indirect
github.com/benjamintf1/unmarshalledmatchers v1.0.0
github.com/cloudfoundry-community/go-cfenv v1.17.1-0.20171115121958-e84b5c116637
github.com/containerd/containerd v1.4.3 // indirect
@@ -34,13 +32,12 @@ require (
github.com/gorilla/websocket v1.4.2
github.com/imkira/go-interpol v1.1.0 // indirect
github.com/jmoiron/sqlx v1.2.1-0.20201120164427-00c6e74d816a
github.com/jstemmer/go-junit-report v1.0.0 // indirect
github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
github.com/klauspost/compress v1.11.6 // indirect
github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
github.com/kubernetes-sigs/go-open-service-broker-client v0.0.0-20180330214919-dca737037ce6
github.com/lib/pq v1.9.0
github.com/magiconair/properties v1.8.4 // indirect
github.com/mattn/go-colorable v0.1.8 // indirect
github.com/mitchellh/mapstructure v1.4.0
github.com/moby/term v0.0.0-20201216013528-df9cb8a40635 // indirect
github.com/morikuni/aec v1.0.0 // indirect
@@ -59,26 +56,25 @@ require (
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.3
github.com/spf13/viper v1.7.1
github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect
github.com/stretchr/testify v1.7.1 // indirect
github.com/tidwall/gjson v1.9.3
github.com/tidwall/sjson v1.1.4
github.com/ulule/limiter v2.2.2+incompatible
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/valyala/fasthttp v1.34.0
github.com/valyala/fasthttp v1.38.0 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect
github.com/yudai/gojsondiff v0.0.0-20170107030110-7b1b7adf999d // indirect
github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect
github.com/yudai/pp v2.0.1+incompatible // indirect
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
golang.org/x/crypto v0.0.0-20220214200702-86341886e292
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5
google.golang.org/appengine v1.6.7 // indirect
gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/square/go-jose.v2 v2.5.1
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
gotest.tools/gotestsum v1.8.0 // indirect
gotest.tools/v3 v3.0.3 // indirect
)
