Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add argument validation for ciphertool scripts #3110

Open
ashera96 opened this issue Sep 12, 2024 · 0 comments
Open

Add argument validation for ciphertool scripts #3110

ashera96 opened this issue Sep 12, 2024 · 0 comments
Labels
4.4.0 Component/APIM Type/NewFeature
Milestone
APIM 4.5.0

Comments

@ashera96
Copy link

Problem

We need to add argument validation for the ciphertool script files; ciphertool.sh and ciphertool.bat. When an invalid argument like –Dconfigure is passed, we continue with the encryption by prompting the user to provide further information. This is misleading as we should not be moving forward with the script execution if the arguments are invalid.

Prompts that follow for faulty arguments (this argument is faulty because is used instead of -) are shown below for reference:

➜  bin ./ciphertool.sh –Dconfigure

Encrypting using Primary KeyStore.
{type: JKS, alias: wso2carbon, path: <APIM-Pack>/repository/resources/security/wso2carbon.jks}

[Please Enter Primary KeyStore Password of Carbon Server : ]

Primary KeyStore of Carbon Server is initialized Successfully

[Enter Plain Text Value : ]
[Please Enter Value Again : ]

Encryption is done Successfully


Encrypted value is : 
CGafwK+wHGgpxNc1TSLYmP9cLraJiDUMRI10PJz9mxawIMHcAxwaerjIXqbgI58zemABLazOOqhrFJZw5Tj37SpxqlAMRH6hq8Oqa+PWG9DXddLHDkmP5yo/vBff2RgZJctTkg03uw03lpqD4iO+6jbGZW/Mol0L3J0/H2JjBIw4PqeFURVzohCKxrbV+BCGiGxzgS0EdUV2orhVYnaflP7UC0sUadaI8DUwziECXfFalNmDP5zMEtkfxu5StPvSxlQv1eABikttpE3ymd9UuDBCU/ryPALtDAy77os8W++hkIP8PN9/+/aX6c+3Bc7G7sLJEG91fCTNwzMyc9aMaw==

Solution

Validate whether the required arguments are provided for the script execution. If invalid arguments are detected, we need to log an error and terminate the execution.

For example:

  • expected command line argument: ./ciphertool.sh -Dconfigure
  • invalid command line arguments: ./ciphertool.sh –Dconfigure, ./ciphertool.sh configure, etc.

As for the script files that we have currently, we proceed with the encryption even though faulty arguments are passed. We should add a validation to ensure the arguments are passed as expected.

With a fix in play, the above command should be blocked like so:

➜  bin ./ciphertool.sh –Dconfigure
The '-Dconfigure' option is required to run this script correctly.

Affected Component

APIM

Version

4.4.0

Implementation

No response

Related Issues

No response

Suggested Labels

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
4.4.0 Component/APIM Type/NewFeature
Projects
None yet
Milestone
APIM 4.5.0
Development

No branches or pull requests
2 participants
@RakhithaRR @ashera96