api-manager icon indicating copy to clipboard operation
api-manager copied to clipboard
verified publisher icon wso2

Add argument validation for ciphertool scripts

Open ashera96 opened this issue 1 year ago • 0 comments

Problem

We need to add argument validation for the ciphertool script files; ciphertool.sh and ciphertool.bat. When an invalid argument like –Dconfigure is passed, we continue with the encryption by prompting the user to provide further information. This is misleading as we should not be moving forward with the script execution if the arguments are invalid.

Prompts that follow for faulty arguments (this argument is faulty because is used instead of -) are shown below for reference:

➜  bin ./ciphertool.sh –Dconfigure

Encrypting using Primary KeyStore.
{type: JKS, alias: wso2carbon, path: <APIM-Pack>/repository/resources/security/wso2carbon.jks}

[Please Enter Primary KeyStore Password of Carbon Server : ]

Primary KeyStore of Carbon Server is initialized Successfully

[Enter Plain Text Value : ]
[Please Enter Value Again : ]

Encryption is done Successfully


Encrypted value is : 
CGafwK+wHGgpxNc1TSLYmP9cLraJiDUMRI10PJz9mxawIMHcAxwaerjIXqbgI58zemABLazOOqhrFJZw5Tj37SpxqlAMRH6hq8Oqa+PWG9DXddLHDkmP5yo/vBff2RgZJctTkg03uw03lpqD4iO+6jbGZW/Mol0L3J0/H2JjBIw4PqeFURVzohCKxrbV+BCGiGxzgS0EdUV2orhVYnaflP7UC0sUadaI8DUwziECXfFalNmDP5zMEtkfxu5StPvSxlQv1eABikttpE3ymd9UuDBCU/ryPALtDAy77os8W++hkIP8PN9/+/aX6c+3Bc7G7sLJEG91fCTNwzMyc9aMaw==

Solution

Validate whether the required arguments are provided for the script execution. If invalid arguments are detected, we need to log an error and terminate the execution.

For example:

  • expected command line argument: ./ciphertool.sh -Dconfigure
  • invalid command line arguments: ./ciphertool.sh –Dconfigure, ./ciphertool.sh configure, etc.

As for the script files that we have currently, we proceed with the encryption even though faulty arguments are passed. We should add a validation to ensure the arguments are passed as expected.

With a fix in play, the above command should be blocked like so:

➜  bin ./ciphertool.sh –Dconfigure
The '-Dconfigure' option is required to run this script correctly.

Affected Component

APIM

Version

4.4.0

Implementation

No response

Related Issues

No response

Suggested Labels

No response

ashera96 avatar Sep 12 '24 09:09 ashera96