Merge branch 'release/v1.1.18'

onelogin · Sep 20, 2021 · d0b2fb7 · d0b2fb7
2 parents e87fafd + 506e3cd
commit d0b2fb7
Show file tree

Hide file tree

Showing 31 changed files with 449 additions and 208 deletions.
diff --git a/.github/workflows/git-secrets-public.yml b/.github/workflows/git-secrets-public.yml
@@ -0,0 +1,55 @@
+name: git-secrets
+
+on: [push,pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:        
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          path: source
+
+      - name: Install git-secrets
+        shell: bash
+        run: |
+            cd ..
+            echo 'cloning https://github.com/awslabs/git-secrets.git'
+            git clone https://github.com/awslabs/git-secrets.git
+            cd git-secrets
+            echo 'installing git-secrets'
+            sudo make install   
+      - name: Add Rules
+        shell: bash
+        run: |
+          cd source
+          echo 'running git-secrets'
+          pwd
+          git secrets --add '[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"~\\s]'
+          git secrets --add 'AIza[0-9A-Za-z\\-_]{35}'
+          git secrets --add 'LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBEU0EgUFJJVkFURSBLRVktLS0tL[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0t[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add 'LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS[%a-zA-Z0-9+/]+={0,2}'
+          git secrets --add '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
+          git secrets --add '[Tt][Ww][Ii][Tt][Tt][Ee][Rr][^/]{0,50}[0-9a-zA-Z]{35,44}'
+          git secrets --add '[Hh][Oo][Cc][Kk][Ee][Yy].{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
+          git secrets --add '(QTNU|QUtJQ|QUdQQ|QUlEQ|QVJPQ|QUlQQ|QU5QQ|QU5WQ|QVNJQ)[%a-zA-Z0-9+/]{20,24}={0,2}'
+          git secrets --add 'ya29\\.[0-9A-Za-z\\-_]+'
+          git secrets --add 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'
+          git secrets --add '[0-9a-f]{32}-us[0-9]{1,2}'
+          git secrets --add '[Ss][Aa][Uu][Cc][Ee].{0,50}(\\\"|~|`)?[0-9a-f-]{36}(\\\"|~|`)?'
+          git secrets --add '[Ff][Aa][Cc][Ee][Bb][Oo][Oo][Kk][^/]{0,50}(\\\"|~|`)?[0-9a-f]{32}(\\\"|~|`)?'
+          git secrets --add --allowed 'https:\/\/\#\{GITHUB_TOKEN\}:\#\{GITHUB_USERNAME\}@github.*'
+          git secrets --add --allowed 'AKIA[a-zA-Z0-9]{16}'
+          git secrets --add --allowed 'AIzaSyCi9HqVYImAgkqMCG0QmBUXAIfM5lyv_QU'
+          sed -i -e "s/~/'/g" .git/config
+      - name: Run Scan
+        shell: bash
+        run: |
+          cd source
+          git secrets --scan
+          echo 'Secrets found in this repo? You can install git-secrets locally to catch these issues pre-commit : https://github.com/awslabs/git-secrets' 
diff --git a/internal/test/test_repository.go b/internal/test/test_repository.go
@@ -5,8 +5,8 @@ import (
 )
 
 type MockRepository struct {
-	ReadFunc      func(r interface{}) ([]byte, error)
-	ReReadFunc    []func(r interface{}) ([]byte, error)
+	ReadFunc      func(r interface{}) ([][]byte, error)
+	ReReadFunc    []func(r interface{}) ([][]byte, error)
 	CreateFunc    func(r interface{}) ([]byte, error)
 	SubCreateFunc []func(r interface{}) ([]byte, error)
 	UpdateFunc    func(r interface{}) ([]byte, error)
@@ -20,7 +20,7 @@ type MockRepository struct {
 // response based on request parameters such as the request URL. A ReReadFunc is allowed
 // because RESTful reads are idempotent, however, you may want to mock a subsequent read,
 // following an error recovery scenario where some updates were saved, but others were abandoned.
-func (mr *MockRepository) Read(r interface{}) ([]byte, error) {
+func (mr *MockRepository) Read(r interface{}) ([][]byte, error) {
 	if mr.ReReads > 0 && len(mr.ReReadFunc) > 0 {
 		mr.ReReads++
 		return mr.ReReadFunc[mr.ReReads-2](r)

diff --git a/pkg/services/apps/app_rules/app_rules_test.go b/pkg/services/apps/app_rules/app_rules_test.go
@@ -38,13 +38,14 @@ func TestQuery(t *testing.T) {
 				Actions:    []AppRuleActions{{Action: oltypes.String("test"), Value: []string{"test"}, Expression: oltypes.String(".*")}}},
 			},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal([]AppRule{AppRule{
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal([]AppRule{AppRule{
 						ID:         oltypes.Int32(1),
 						Name:       oltypes.String("name"),
 						Conditions: []AppRuleConditions{{Source: oltypes.String("test"), Operator: oltypes.String(">"), Value: oltypes.String("90")}},
 						Actions:    []AppRuleActions{{Action: oltypes.String("test"), Value: []string{"test"}, Expression: oltypes.String(".*")}}},
 					})
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -53,7 +54,7 @@ func TestQuery(t *testing.T) {
 			mockLegalValues: &MockLegalValuesService{},
 			expectedError:   errors.New("error"),
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
+				ReadFunc: func(r interface{}) ([][]byte, error) {
 					return nil, errors.New("error")
 				},
 			},
@@ -63,8 +64,9 @@ func TestQuery(t *testing.T) {
 			mockLegalValues:  &MockLegalValuesService{},
 			expectedResponse: []AppRule{AppRule{}},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal([]AppRule{AppRule{}})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal([]AppRule{AppRule{}})
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -100,13 +102,14 @@ func TestGetOne(t *testing.T) {
 				Actions:    []AppRuleActions{{Action: oltypes.String("test"), Value: []string{"test"}, Expression: oltypes.String(".*")}},
 			},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal(AppRule{
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(AppRule{
 						ID:         oltypes.Int32(1),
 						Name:       oltypes.String("name"),
 						Conditions: []AppRuleConditions{{Source: oltypes.String("test"), Operator: oltypes.String(">"), Value: oltypes.String("90")}},
 						Actions:    []AppRuleActions{{Action: oltypes.String("test"), Value: []string{"test"}, Expression: oltypes.String(".*")}},
 					})
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -116,7 +119,7 @@ func TestGetOne(t *testing.T) {
 			mockLegalValues: &MockLegalValuesService{},
 			expectedError:   errors.New("error"),
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
+				ReadFunc: func(r interface{}) ([][]byte, error) {
 					return nil, errors.New("error")
 				},
 			},
@@ -127,8 +130,9 @@ func TestGetOne(t *testing.T) {
 			mockLegalValues:  &MockLegalValuesService{},
 			expectedResponse: &AppRule{},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal([]AppRule{AppRule{}})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal([]AppRule{AppRule{}})
+					return [][]byte{b}, err
 				},
 			},
 		},

diff --git a/pkg/services/apps/app_rules/v2.go b/pkg/services/apps/app_rules/v2.go
@@ -44,7 +44,13 @@ func (svc *V2Service) Query(query *AppRuleQuery) ([]AppRule, error) {
 	}
 
 	var appRules []AppRule
-	json.Unmarshal(resp, &appRules)
+
+	for _, bytes := range resp {
+		var unmarshalled []AppRule
+		json.Unmarshal(bytes, &unmarshalled)
+		appRules = append(appRules, unmarshalled...)
+	}
+
 	return appRules, nil
 }
 
@@ -61,7 +67,10 @@ func (svc *V2Service) GetOne(appId int32, id int32) (*AppRule, error) {
 	}
 
 	var appRule AppRule
-	json.Unmarshal(resp, &appRule)
+	if len(resp) < 1 {
+		return nil, errors.New("invalid length of response returned")
+	}
+	json.Unmarshal(resp[0], &appRule)
 	return &appRule, nil
 }
 

diff --git a/pkg/services/apps/apps_test.go b/pkg/services/apps/apps_test.go
@@ -24,8 +24,9 @@ func TestQuery(t *testing.T) {
 				App{ID: oltypes.Int32(1), Name: oltypes.String("name")},
 			},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal([]App{App{ID: oltypes.Int32(1), Name: oltypes.String("name")}})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal([]App{App{ID: oltypes.Int32(1), Name: oltypes.String("name")}})
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -36,12 +37,13 @@ func TestQuery(t *testing.T) {
 				App{ID: oltypes.Int32(1), Name: oltypes.String("name2")},
 			},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
+				ReadFunc: func(r interface{}) ([][]byte, error) {
 					availableApps := []App{
 						App{ID: oltypes.Int32(1), Name: oltypes.String("name")},
 						App{ID: oltypes.Int32(1), Name: oltypes.String("name2")},
 					}
-					return json.Marshal(availableApps)
+					b, err := json.Marshal(availableApps)
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -55,8 +57,9 @@ func TestQuery(t *testing.T) {
 			queryPayload:     &AppsQuery{Name: "???"},
 			expectedResponse: []App{},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal([]App{})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal([]App{})
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -84,8 +87,9 @@ func TestGetOne(t *testing.T) {
 			id:               int32(1),
 			expectedResponse: &App{ID: oltypes.Int32(1), Name: oltypes.String("name")},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -128,8 +132,9 @@ func TestUpdate(t *testing.T) {
 				UpdateFunc: func(r interface{}) ([]byte, error) {
 					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("updated")})
 				},
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("updated")})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("updated")})
+					return [][]byte{b}, err
 				},
 			},
 		},
@@ -154,11 +159,13 @@ func TestUpdate(t *testing.T) {
 				UpdateFunc: func(r interface{}) ([]byte, error) {
 					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name"), Parameters: map[string]AppParameters{"test": AppParameters{ID: oltypes.Int32(1)}}})
 				},
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+					return [][]byte{b}, err
 				},
-				ReReadFunc: []func(r interface{}) ([]byte, error){func(r interface{}) ([]byte, error) {
-					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+				ReReadFunc: []func(r interface{}) ([][]byte, error){func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+					return [][]byte{b}, err
 				}},
 				DestroyFunc: func(r interface{}) ([]byte, error) {
 					return nil, nil
@@ -180,11 +187,13 @@ func TestUpdate(t *testing.T) {
 				UpdateFunc: func(r interface{}) ([]byte, error) {
 					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name"), Parameters: map[string]AppParameters{"test": AppParameters{ID: oltypes.Int32(1)}}})
 				},
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name"), Parameters: map[string]AppParameters{"test": AppParameters{ID: oltypes.Int32(1)}}})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name"), Parameters: map[string]AppParameters{"test": AppParameters{ID: oltypes.Int32(1)}}})
+					return [][]byte{b}, err
 				},
-				ReReadFunc: []func(r interface{}) ([]byte, error){func(r interface{}) ([]byte, error) {
-					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name"), Parameters: map[string]AppParameters{"test": AppParameters{ID: oltypes.Int32(1)}}})
+				ReReadFunc: []func(r interface{}) ([][]byte, error){func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name"), Parameters: map[string]AppParameters{"test": AppParameters{ID: oltypes.Int32(1)}}})
+					return [][]byte{b}, err
 				}},
 				DestroyFunc: func(r interface{}) ([]byte, error) {
 					return nil, errors.New("error")
@@ -258,8 +267,9 @@ func TestCreate(t *testing.T) {
 					resp := App{Name: app.Name, ID: app.ID}
 					return json.Marshal(resp)
 				},
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal(App{ID: oltypes.Int32(1), Name: oltypes.String("name")})
+					return [][]byte{b}, err
 				},
 			},
 		},

diff --git a/pkg/services/apps/v2.go b/pkg/services/apps/v2.go
@@ -40,7 +40,15 @@ func (svc *V2Service) Query(query *AppsQuery) ([]App, error) {
 	}
 
 	var apps []App
-	json.Unmarshal(resp, &apps)
+	for _, bytes := range resp {
+		var unmarshalled []App
+		json.Unmarshal(bytes, &unmarshalled)
+		if len(apps) == 0 {
+			apps = unmarshalled
+		} else {
+			apps = append(apps, unmarshalled...)
+		}
+	}
 
 	return apps, nil
 }
@@ -58,7 +66,10 @@ func (svc *V2Service) GetOne(id int32) (*App, error) {
 	}
 
 	var app App
-	json.Unmarshal(resp, &app)
+	if len(resp) < 1 {
+		return nil, errors.New("invalid length of response returned")
+	}
+	json.Unmarshal(resp[0], &app)
 
 	return &app, nil
 }

diff --git a/pkg/services/auth_servers/access_token_claims/access_token_claims_test.go b/pkg/services/auth_servers/access_token_claims/access_token_claims_test.go
@@ -43,8 +43,8 @@ func TestQuery(t *testing.T) {
 				},
 			},
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
-					return json.Marshal([]AccessTokenClaim{
+				ReadFunc: func(r interface{}) ([][]byte, error) {
+					b, err := json.Marshal([]AccessTokenClaim{
 						AccessTokenClaim{
 							ID:                       oltypes.Int32(int32(1)),
 							Label:                    oltypes.String("label"),
@@ -68,14 +68,15 @@ func TestQuery(t *testing.T) {
 							ProvisionedEntitlements:  oltypes.Bool(true),
 						},
 					})
+					return [][]byte{b}, err
 				},
 			},
 		},
 		"it reports an error": {
 			queryPayload:  &AccessTokenClaimsQuery{AuthServerID: "1"},
 			expectedError: errors.New("error"),
 			repository: &test.MockRepository{
-				ReadFunc: func(r interface{}) ([]byte, error) {
+				ReadFunc: func(r interface{}) ([][]byte, error) {
 					return nil, errors.New("error")
 				},
 			},

diff --git a/pkg/services/auth_servers/access_token_claims/v2.go b/pkg/services/auth_servers/access_token_claims/v2.go
@@ -39,7 +39,11 @@ func (svc *V2Service) Query(query *AccessTokenClaimsQuery) ([]AccessTokenClaim,
 	}
 
 	var accessTokenClaims []AccessTokenClaim
-	json.Unmarshal(resp, &accessTokenClaims)
+	for _, bytes := range resp {
+		var unmarshalled []AccessTokenClaim
+		json.Unmarshal(bytes, &unmarshalled)
+		accessTokenClaims = append(accessTokenClaims, unmarshalled...)
+	}
 	return accessTokenClaims, nil
 }