1
0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-11-30 08:06:52 +02:00

validate secret yaml before encrypting

This commit is contained in:
Brad Rydzewski 2015-09-07 18:10:55 -07:00
parent 0c107337b3
commit 6e6790937f
2 changed files with 16 additions and 1 deletions

View File

@ -4,7 +4,7 @@ Drone allows you to store secret variables in an encrypted `.drone.sec` file in
An example `.drone.sec` yaml file, prior to being encryped:
```
```yaml
checksum: f63561783e550ccd21663d13eaf6a4d252d84147
environment:
- HEROKU_TOKEN=pa$$word

View File

@ -8,6 +8,7 @@ import (
"github.com/drone/drone/Godeps/_workspace/src/github.com/gin-gonic/gin"
"github.com/drone/drone/Godeps/_workspace/src/github.com/gin-gonic/gin/binding"
"github.com/drone/drone/Godeps/_workspace/src/gopkg.in/yaml.v2"
"github.com/drone/drone/pkg/hash"
"github.com/drone/drone/pkg/remote"
@ -261,7 +262,21 @@ func Encrypt(c *gin.Context) {
c.Fail(500, err)
return
}
// make sure the Yaml is valid format to prevent
// a malformed value from being used in the build
err = yaml.Unmarshal(in, &yaml.MapSlice{})
if err != nil {
c.Fail(500, err)
return
}
// we found some strange characters included in
// the yaml file when entered into a browser textarea.
// these need to be removed
in = bytes.Replace(in, []byte{'\xA0'}, []byte{' '}, -1)
// encrypts using go-jose
out, err := secure.Encrypt(string(in), repo.Keys.Private)
if err != nil {
c.Fail(500, err)