
Commit 6a6d64f

author
Kai Hendry
committed
Whitelist base64 decoding.
Add mefe_api_request_id
1 parent 8706cc8 commit 6a6d64f


4 files changed

+31
-22
lines changed


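--- a/process/main.go
+++ b/process/main.go
@@ -308,20 +308,24 @@ SET @mefe_unit_id = '%s';
 SET @creation_datetime = '%s';
 SET @is_created_by_me = %d;
 SET @mefe_api_error_message = '%s';
+SET @mefe_api_request_id = '%s';
 CALL ut_creation_unit_mefe_api_reply;`
 filledSQL = fmt.Sprintf(templateSQL,
 act.UnitCreationRequestID,
 parsedResponse.ID,
 parsedResponse.Timestamp.Format(sqlTimeLayout),
 isCreatedByMe,
-errorMessage)
+errorMessage,
+act.MEFERequestID,
+)
 case "CREATE_USER":
 templateSQL := `SET @user_creation_request_id = %d;
 SET @mefe_user_id = '%s';
 SET @creation_datetime = '%s';
 SET @is_created_by_me = %d;
 SET @mefe_api_error_message = '%s';
 SET @mefe_user_api_key = '%s';
+SET @mefe_api_request_id = '%s';
 CALL ut_creation_user_mefe_api_reply;`
 filledSQL = fmt.Sprintf(templateSQL,
 act.UserCreationRequestID,
@@ -330,31 +334,36 @@ CALL ut_creation_user_mefe_api_reply;`
 isCreatedByMe,
 errorMessage,
 parsedResponse.MefeAPIkey,
+act.MEFERequestID,
 )
 case "ASSIGN_ROLE":
 templateSQL := `SET @id_map_user_unit_permissions = %d;
 SET @creation_datetime = '%s';
 SET @mefe_api_error_message = '%s';
+SET @mefe_api_request_id = '%s';
 CALL ut_creation_user_role_association_mefe_api_reply;`
-filledSQL = fmt.Sprintf(templateSQL, act.IDmapUserUnitPermissions, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage)
+filledSQL = fmt.Sprintf(templateSQL, act.IDmapUserUnitPermissions, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage, act.MEFERequestID)
 case "EDIT_USER":
 templateSQL := `SET @update_user_request_id = %d;
 SET @updated_datetime = '%s';
 SET @mefe_api_error_message = '%s';
+SET @mefe_api_request_id = '%s';
 CALL ut_update_user_mefe_api_reply;`
-filledSQL = fmt.Sprintf(templateSQL, act.UpdateUserRequestID, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage)
+filledSQL = fmt.Sprintf(templateSQL, act.UpdateUserRequestID, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage, act.MEFERequestID)
 case "EDIT_UNIT":
 templateSQL := `SET @update_unit_request_id = %d;
 SET @updated_datetime = '%s';
 SET @mefe_api_error_message = '%s';
+SET @mefe_api_request_id = '%s';
 CALL ut_update_unit_mefe_api_reply;`
-filledSQL = fmt.Sprintf(templateSQL, act.UpdateUnitRequestID, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage)
+filledSQL = fmt.Sprintf(templateSQL, act.UpdateUnitRequestID, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage, act.MEFERequestID)
 case "DEASSIGN_ROLE":
 templateSQL := `SET @remove_user_from_unit_request_id = %d;
 SET @updated_datetime = '%s';
 SET @mefe_api_error_message = '%s';
+SET @mefe_api_request_id = '%s';
 CALL ut_remove_user_role_association_mefe_api_reply;`
-filledSQL = fmt.Sprintf(templateSQL, act.RemoveUserFromUnitRequestID, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage)
+filledSQL = fmt.Sprintf(templateSQL, act.RemoveUserFromUnitRequestID, parsedResponse.Timestamp.Format(sqlTimeLayout), errorMessage, act.MEFERequestID)
 default:
 return fmt.Errorf("Unknown type: %s, so no SQL template can be inferred", act.Type)
 }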
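Review bot: The new `SET @mefe_api_request_id = '%s';` line in all six templates is filled by `fmt.Sprintf` with `act.MEFERequestID`, so the value is pasted into the SQL text unescaped; a request ID containing `'` would end the string literal and change the statement that follows. This repeats the pattern already used for `errorMessage` and `parsedResponse.MefeAPIkey` and extends it to one more field. Where `act` is populated and how `filledSQL` is executed are outside the hunk, so the origin of the value needs confirming; unless it is fully controlled by this service, bind it as a parameter (`SET @mefe_api_request_id = ?;` with the value passed to the exec call) or reject anything that does not match the expected ID format before formatting. The enclosing switch starts and ends outside the hunk.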

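--- a/push/main.go
+++ b/push/main.go
@@ -30,6 +30,7 @@ func handler(ctx context.Context, evt json.RawMessage) error {
 log.WithError(err).Error("failed to load AWS config")
 return err
 }
+log.WithField("raw", string(evt)).Info("incoming")
 base64Decoding, err := digest(evt)
 if err != nil {
 log.WithError(err).Error("failed to decode payload")
@@ -95,15 +96,18 @@ func digest(evt json.RawMessage) (out json.RawMessage, err error) {
 log.WithField("input", input).Debug("input")
 if rec, ok := input.(map[string]interface{}); ok {
 for key, val := range rec {
-log.Debugf(" [========>] %s = %s", key, val)
-if val, ok := val.(string); ok {
-data, err := base64.StdEncoding.DecodeString(val)
-if err != nil {
-log.WithError(err).Debug("ignore not base64")
-data = []byte(val)
+log.Infof(" [========>] %s = %s", key, val)
+switch key {
+case "firstName", "lastName", "phoneNumber", "name", "moreInfo", "streetAddress", "city", "state":
+if val, ok := val.(string); ok {
+data, err := base64.StdEncoding.DecodeString(val)
+if err != nil {
+log.WithError(err).Debug("ignore not base64")
+data = []byte(val)
+}
+log.WithField("data", string(data)).Debug("decoded")
+rec[key] = string(data)
 }
-log.WithField("data", string(data)).Debug("decoded")
-rec[key] = string(data)
 }
 }
 out, err = json.Marshal(rec)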
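Review bot: The added `log.WithField("raw", string(evt)).Info("incoming")` in handler and the switch from `log.Debugf` to `log.Infof` in digest's loop write the whole event, including the `firstName`, `lastName`, `phoneNumber` and `streetAddress` values, to the log at Info level on every invocation. Personal data then sits in the function's log store for its full retention period and is readable by anyone with log access. I would keep both lines at Debug, or log only the key: `log.WithField("key", key).Debug("field")`. Separately, a whitelisted value that is plain text but happens to be valid base64 is still decoded (the test keeps `"type": "Room"` out of the list, presumably for that reason), so a short `name` could be mangled; both functions continue outside the hunks.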

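--- a/push/main_test.go
+++ b/push/main_test.go
@@ -41,9 +41,9 @@ func Test_digest(t *testing.T) {
 args: args{
 // I don't know the structure of the JSON
 // All I know is that SOMETIMES field values can be base64 encoded
-evt: []byte(`{ "URL": "aHR0cHM6Ly9naXRodWIuY29tL3VuZWUtdC9iei1kYXRhYmFzZS9pc3N1ZXMvNzM=" }`),
+evt: []byte(`{ "name": "aHR0cHM6Ly9naXRodWIuY29tL3VuZWUtdC9iei1kYXRhYmFzZS9pc3N1ZXMvNzM=" }`),
 },
-wantOut: []byte(`{ "URL": "https://github.com/unee-t/bz-database/issues/73" }`),
+wantOut: []byte(`{ "name": "https://github.com/unee-t/bz-database/issues/73" }`),
 wantErr: false,
 },
 {
@@ -57,9 +57,9 @@ func Test_digest(t *testing.T) {
 {
 name: "Jožko",
 args: args{
-evt: []byte(`{"test 1": "Sm/FvmtvIE1ya3ZpxI1rw6EgMQ==", "test 2": "Sm/FvmtvIE1ya3ZpxI1rw6EgMg=="}`),
+evt: []byte(`{"streetAddress": "Sm/FvmtvIE1ya3ZpxI1rw6EgMQ==", "name": "Sm/FvmtvIE1ya3ZpxI1rw6EgMg==", "type": "Room"}`),
 },
-wantOut: []byte(`{"test 1": "Jožko Mrkvičká 1", "test 2": "Jožko Mrkvičká 2"}`),
+wantOut: []byte(`{"streetAddress": "Jožko Mrkvičká 1", "name": "Jožko Mrkvičká 2", "type": "Room"}`),
 wantErr: false,
 },
 }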

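--- a/tests/call-lambda.sh
+++ b/tests/call-lambda.sh
@@ -34,8 +34,6 @@ done
 AWS_PROFILE=uneet-$STAGE
 shift "$((OPTIND-1))" # Discard the options and sentinel --
 
-echo Connecting to ${STAGE^^}
-
 if ! test -f "$1"
 then
 echo Missing JSON payload
@@ -55,14 +53,12 @@ acc() {
 esac
 }
 
-echo Calling $STAGE with event $json
-
 ssm() {
 aws --profile $AWS_PROFILE ssm get-parameters --names $1 --with-decryption --query Parameters[0].Value --output text
 }
 
 echo mysql -h $(ssm MYSQL_HOST) -P 3306 -u $(ssm LAMBDA_INVOKER_USERNAME) --password=$(ssm LAMBDA_INVOKER_PASSWORD)
-if echo "CALL mysql.lambda_async( 'arn:aws:lambda:ap-southeast-1:$(acc $STAGE):function:ut_lambda2sqs_push', '$(jq -c . $json | phony --max 1)' );" |
+if echo "CALL mysql.lambda_async( 'arn:aws:lambda:ap-southeast-1:$(acc $STAGE):function:ut_lambda2sqs_push', '$(jq -c . $json)' );" |
 mysql -h $(ssm MYSQL_HOST) -P 3306 -u $(ssm LAMBDA_INVOKER_USERNAME) --password=$(ssm LAMBDA_INVOKER_PASSWORD)
 then
 echo YES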
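Review bot: On the new `CALL mysql.lambda_async(...)` line the payload is placed inside a single-quoted SQL literal as `'$(jq -c . $json)'` with no escaping, so a payload file containing `'` (a name such as O'Brien) ends the literal and breaks or alters the statement; backslashes in the JSON are exposed to MySQL's string escaping in the same way. Doubling the quote and quoting the variable covers the first case: `'$(jq -c . "$json" | sed "s/'/''/g")'`. The unchanged `echo mysql ... --password=$(ssm LAMBDA_INVOKER_PASSWORD)` line above it also prints the decrypted password to the terminal and to any captured output, so I would echo only the host and user there.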
