gloves 0.5.11

seamless secret manager and handoff
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

use std::path::{Component, Path};

use chrono::Duration;

use crate::{
    error::{GlovesError, Result},
    types::SecretId,
};

pub(super) fn validate_vault_name(vault_name: &str) -> Result<()> {
    SecretId::new(vault_name)?;
    if vault_name.contains('/') {
        return Err(GlovesError::InvalidInput(
            "vault name cannot contain '/'".to_owned(),
        ));
    }
    Ok(())
}

pub(super) fn validate_ttl_minutes(ttl: Duration, max_ttl_minutes: u64) -> Result<u64> {
    let ttl_minutes = ttl.num_minutes();
    if ttl_minutes <= 0 {
        return Err(GlovesError::InvalidInput(
            "vault ttl must be positive".to_owned(),
        ));
    }
    let ttl_minutes_u64 = ttl_minutes as u64;
    if ttl_minutes_u64 > max_ttl_minutes {
        return Err(GlovesError::InvalidInput(format!(
            "vault ttl exceeds max of {max_ttl_minutes} minutes"
        )));
    }
    Ok(ttl_minutes_u64)
}

pub(super) fn validate_requested_file_path(requested_file: &str) -> Result<()> {
    if requested_file.is_empty() {
        return Err(GlovesError::InvalidInput(
            "requested file cannot be empty".to_owned(),
        ));
    }
    let path = Path::new(requested_file);
    if path.is_absolute() {
        return Err(GlovesError::InvalidInput(
            "requested file must be relative to vault root".to_owned(),
        ));
    }
    for component in path.components() {
        if matches!(component, Component::ParentDir) {
            return Err(GlovesError::InvalidInput(
                "requested file cannot use parent traversal".to_owned(),
            ));
        }
    }
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::{validate_requested_file_path, validate_ttl_minutes, validate_vault_name};
    use chrono::Duration;

    #[test]
    fn validate_vault_name_rejects_path_segments() {
        validate_vault_name("agent-data").unwrap();

        let error = validate_vault_name("agent/data").unwrap_err();
        assert!(error.to_string().contains("cannot contain '/'"));
    }

    #[test]
    fn validate_ttl_minutes_enforces_positive_and_max_bounds() {
        assert_eq!(validate_ttl_minutes(Duration::minutes(30), 60).unwrap(), 30);

        let non_positive = validate_ttl_minutes(Duration::zero(), 60).unwrap_err();
        assert!(non_positive.to_string().contains("must be positive"));

        let too_large = validate_ttl_minutes(Duration::minutes(61), 60).unwrap_err();
        assert!(too_large.to_string().contains("exceeds max of 60 minutes"));
    }

    #[test]
    fn validate_requested_file_path_rejects_absolute_and_parent_paths() {
        validate_requested_file_path("logs/build.txt").unwrap();

        let empty = validate_requested_file_path("").unwrap_err();
        assert!(empty.to_string().contains("cannot be empty"));

        let absolute = validate_requested_file_path("/tmp/secret.txt").unwrap_err();
        assert!(absolute
            .to_string()
            .contains("must be relative to vault root"));

        let traversal = validate_requested_file_path("../secret.txt").unwrap_err();
        assert!(traversal
            .to_string()
            .contains("cannot use parent traversal"));
    }
}