1197570064

Committed 01 Mar 2024 06:24PM UTC coverage: 52.222% (-28.4%) from 80.645%

Build # 1197570064

Build Type

Pull #998

gitlab-ci

Committed by

web-flow

Commit Message

chore: bump github.com/Azure/azure-sdk-for-go/sdk/azcore

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.9.1 to 1.10.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.9.1...sdk/azcore/v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Pull Request Pull Request #998: chore: bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.1 to 1.10.0

Run Details

5218 of 9992 relevant lines covered (52.22%)

0.55 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.33

/model/signature.go

// Copyright 2021 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package model

import (
        "crypto/hmac"
        "crypto/sha256"
        "encoding/base64"
        "fmt"
        "net/http"
        "time"

        validation "github.com/go-ozzo/ozzo-validation/v4"
        "github.com/pkg/errors"
)

const (
        ParamExpire    = "x-men-expire"
        ParamSignature = "x-men-signature"
        ParamTenantID  = "tenant_id"
)

var ErrLinkExpired = errors.New("URL expired")

type RequestSignature struct {
        *http.Request
        Secret []byte
}

func NewRequestSignature(req *http.Request, secret []byte) *RequestSignature {
        return &RequestSignature{
                Request: req,
                Secret:  secret,
        }
}

func (sig *RequestSignature) SetExpire(expire time.Time) {
        q := sig.URL.Query()
        q.Set(ParamExpire, expire.UTC().Format(time.RFC3339))
        sig.URL.RawQuery = q.Encode()
}

// Validate validates the request parameters - assumes that the signature is
// already signed.
func (sig *RequestSignature) Validate() error {
        q := sig.URL.Query()
        if err := validation.Validate(q, validation.Map(
                validation.Key(ParamExpire, validation.Required),
                validation.Key(ParamSignature, validation.Required),
        ).AllowExtraKeys()); err != nil {
                return err
        }
        ts, err := time.Parse(time.RFC3339, q.Get(ParamExpire))
        if err != nil {
                return errors.Errorf("parameter '%s' is not a valid timestamp", ParamExpire)
        }
        if time.Now().After(ts) {
                return ErrLinkExpired
        }
        return nil
}

// PresignURL generates and assign the request signature parameter and returning
// the resulting URL.
func (sig *RequestSignature) PresignURL() string {
        signature := sig.HMAC256()
        signature64 := base64.RawURLEncoding.EncodeToString(signature)

        q := sig.URL.Query()
        q.Set(ParamSignature, signature64)
        sig.URL.RawQuery = q.Encode()
        return sig.URL.String()
}

func (sig *RequestSignature) Bytes() []byte {
        // Bytes returns the byte digest for the HMAC256
        // The format is similar to s3 signed request with
        // <Method>\n<Canonical URI>\n<Canonical parameters>\n[<Canonical headers>]\n
        q := sig.URL.Query()
        return []byte(fmt.Sprintf(
                "%s\n%s\n%s=%s\n%s=%s\n",
                sig.Method, sig.URL.Path,
                ParamExpire, q.Get(ParamExpire),
                ParamTenantID, q.Get(ParamTenantID),
        ))
}

// VerifyHMAC256 verifies the request signature with the parameter.
func (sig *RequestSignature) VerifyHMAC256() bool {
        //nolint:errcheck
        q := sig.URL.Query()
        sign, _ := base64.RawURLEncoding.
                DecodeString(q.Get(ParamSignature))
        return hmac.Equal(sig.HMAC256(), sign)
}

//nolint:errcheck
func (sig *RequestSignature) HMAC256() []byte {
        hash := hmac.New(sha256.New, sig.Secret)
        hash.Write(sig.Bytes())
        return hash.Sum(nil)
}

1	// Copyright 2021 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package model
16
17	import (
18	"crypto/hmac"
19	"crypto/sha256"
20	"encoding/base64"
21	"fmt"
22	"net/http"
23	"time"
24
25	validation "github.com/go-ozzo/ozzo-validation/v4"
26	"github.com/pkg/errors"
27	)
28
29	const (
30	ParamExpire = "x-men-expire"
31	ParamSignature = "x-men-signature"
32	ParamTenantID = "tenant_id"
33	)
34
35	var ErrLinkExpired = errors.New("URL expired")
36
37	type RequestSignature struct {
38	*http.Request
39	Secret []byte
40	}
41
42	func NewRequestSignature(req http.Request, secret []byte) RequestSignature {	1✔
43	return &RequestSignature{	1✔
44	Request: req,	1✔
45	Secret: secret,	1✔
46	}	1✔
47	}	1✔
48
49	func (sig *RequestSignature) SetExpire(expire time.Time) {	1✔
50	q := sig.URL.Query()	1✔
51	q.Set(ParamExpire, expire.UTC().Format(time.RFC3339))	1✔
52	sig.URL.RawQuery = q.Encode()	1✔
53	}	1✔
54
55	// Validate validates the request parameters - assumes that the signature is
56	// already signed.
57	func (sig *RequestSignature) Validate() error {	1✔
58	q := sig.URL.Query()	1✔
59	if err := validation.Validate(q, validation.Map(	1✔
60	validation.Key(ParamExpire, validation.Required),	1✔
61	validation.Key(ParamSignature, validation.Required),	1✔
62	).AllowExtraKeys()); err != nil {	2✔
63	return err	1✔
64	}	1✔
65	ts, err := time.Parse(time.RFC3339, q.Get(ParamExpire))	1✔
66	if err != nil {	1✔
67	return errors.Errorf("parameter '%s' is not a valid timestamp", ParamExpire)	×
68	}	×
69	if time.Now().After(ts) {	1✔
70	return ErrLinkExpired	×
71	}	×
72	return nil	1✔
73	}
74
75	// PresignURL generates and assign the request signature parameter and returning
76	// the resulting URL.
77	func (sig *RequestSignature) PresignURL() string {	1✔
78	signature := sig.HMAC256()	1✔
79	signature64 := base64.RawURLEncoding.EncodeToString(signature)	1✔
80		1✔
81	q := sig.URL.Query()	1✔
82	q.Set(ParamSignature, signature64)	1✔
83	sig.URL.RawQuery = q.Encode()	1✔
84	return sig.URL.String()	1✔
85	}	1✔
86
87	func (sig *RequestSignature) Bytes() []byte {	1✔
88	// Bytes returns the byte digest for the HMAC256	1✔
89	// The format is similar to s3 signed request with	1✔
90	// <Method>\n<Canonical URI>\n<Canonical parameters>\n[<Canonical headers>]\n	1✔
91	q := sig.URL.Query()	1✔
92	return []byte(fmt.Sprintf(	1✔
93	"%s\n%s\n%s=%s\n%s=%s\n",	1✔
94	sig.Method, sig.URL.Path,	1✔
95	ParamExpire, q.Get(ParamExpire),	1✔
96	ParamTenantID, q.Get(ParamTenantID),	1✔
97	))	1✔
98	}	1✔
99
100	// VerifyHMAC256 verifies the request signature with the parameter.
101	func (sig *RequestSignature) VerifyHMAC256() bool {	1✔
102	//nolint:errcheck	1✔
103	q := sig.URL.Query()	1✔
104	sign, _ := base64.RawURLEncoding.	1✔
105	DecodeString(q.Get(ParamSignature))	1✔
106	return hmac.Equal(sig.HMAC256(), sign)	1✔
107	}	1✔
108
109	//nolint:errcheck
110	func (sig *RequestSignature) HMAC256() []byte {	1✔
111	hash := hmac.New(sha256.New, sig.Secret)	1✔
112	hash.Write(sig.Bytes())	1✔
113	return hash.Sum(nil)	1✔
114	}	1✔

mendersoftware / deployments / 1197570064

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous