chef-vault icon indicating copy to clipboard operation
chef-vault copied to clipboard

Published 20 hours ago verified publisher icon chef

Faulty regex and usage of to_s triggers unwanted warning

Open mariastroe opened this issue 4 years ago • 2 comments

Version:

chef-vault-4.1.3

Environment:

Alpine Linux

Scenario:

As the new version of the chef-vault gem was released (4.1.3), when doing
knife vault create env secrets -M client -J creds.json -A admin1 -C "client1,client2" it shows a warning WARN: Value '[{:api_version=>"api/v3", :metadata=>{}, :data=>{:enabled=>true, :groups=>["test"], :password=>"testpass", :username=>"test"}, :type=>"User"}]' of key 'users' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\Windows) in double-quoted strings.

Expected Result:

Not printing any warning. Not printing the value of the key in the warning. An accurate suggestion in the warning because in my case i don't have any backslashes but actually whitespaces.

Additional Context:

In lib/chef/knife/mixin/helper.rb, the printable? function uses match (which returns a MatchData object when a match is found, or nil if no matches found) instead of match? (which actually returns true if match is found and false if not, as stated in the comments). Also, because of the usage of to_s in printable?(value.to_s), the value is pretty-printed and matches the [[:space:]] if you have values like "a b c" or like mine (in the scenario above). Leaving the regex just with [^[:print:]] like it was before would solve the problem and not trigger any warning.

mariastroe avatar Sep 08 '21 17:09 mariastroe

This is a major issue. For example, warning is triggered for nested json objects, which are perfectly valid but due to to_s conversion include spaces as field separators. Another big issue is with valid json strings which contain LF, CR etc escape sequences. According to JSON spec, escape sequences are perfectly valid.

perfectly valid json but vault's validator does not validate as to_s

{
   "dummy": {
       "test1": 1,
       "test2": 2
   }
}

to_s converts the value of the key "dummy" to a string like this {:test1=>1, :test2=>2}

Issue with escape sequences

{
"dummy": "aaaa\naaaa\n"
}

Again perfectly valid json with string value, which includes \n escape sequence. Strict RFC 4627 spec based validator validates this example but once again method validate_json triggers warning.

jkimalane avatar Dec 02 '21 13:12 jkimalane

@mariastroe @vkarve-chef The biggest issue here is that the warning leaks/displays the value. Can this get fixed ASAP please?

splatteredbits avatar Jun 13 '23 17:06 splatteredbits