Unverified Commit 8b23f0ba authored by Jamie Magee's avatar Jamie Magee Committed by GitHub

refactor: safely parse decrypted config (#20879)

parent 3390c34c
...@@ -6,6 +6,7 @@ import { maskToken } from '../util/mask'; ...@@ -6,6 +6,7 @@ import { maskToken } from '../util/mask';
import { regEx } from '../util/regex'; import { regEx } from '../util/regex';
import { addSecretForSanitizing } from '../util/sanitize'; import { addSecretForSanitizing } from '../util/sanitize';
import { GlobalConfig } from './global'; import { GlobalConfig } from './global';
import { DecryptedObject } from './schema';
import type { RenovateConfig } from './types'; import type { RenovateConfig } from './types';
export async function tryDecryptPgp( export async function tryDecryptPgp(
...@@ -92,8 +93,17 @@ export async function tryDecrypt( ...@@ -92,8 +93,17 @@ export async function tryDecrypt(
const decryptedObjStr = await tryDecryptPgp(privateKey, encryptedStr); const decryptedObjStr = await tryDecryptPgp(privateKey, encryptedStr);
if (decryptedObjStr) { if (decryptedObjStr) {
try { try {
const decryptedObj = JSON.parse(decryptedObjStr); const decryptedObj = DecryptedObject.safeParse(
const { o: org, r: repo, v: value } = decryptedObj; JSON.parse(decryptedObjStr)
);
// istanbul ignore if
if (!decryptedObj.success) {
const error = new Error('config-validation');
error.validationError = `Could not parse decrypted config.`;
throw error;
}
const { o: org, r: repo, v: value } = decryptedObj.data;
if (is.nonEmptyString(value)) { if (is.nonEmptyString(value)) {
if (is.nonEmptyString(org)) { if (is.nonEmptyString(org)) {
const orgName = org.replace(regEx(/\/$/), ''); // Strip trailing slash const orgName = org.replace(regEx(/\/$/), ''); // Strip trailing slash
......
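Review bot: The new `throw` for a failed `safeParse` sits inside the `try` opened just above it, and the matching `catch` is outside this hunk, so it is not visible here whether the `config-validation` error reaches the caller or is handled like a `JSON.parse` syntax error. If that catch only logs, a payload that decrypts to valid JSON of the wrong shape is treated the same as an unparseable one and the `validationError` text is never surfaced; worth confirming that this is intended. The branch is also excluded from coverage by `// istanbul ignore if`. Since this is the check that rejects a malformed decrypted payload, I would drop that comment and add a test whose decrypted string is `[]` or `{"v": 1}`. If the failure is logged, log only the schema issue paths and never `decryptedObjStr`, which holds the decrypted value.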
import { z } from 'zod';
export const DecryptedObject = z.object({
o: z.string().optional(),
r: z.string().optional(),
v: z.string().optional(),
});
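Review bot: `DecryptedObject` has no doc comment, and its one-letter keys are explained only by the destructuring in the caller (`o: org, r: repo, v: value`). A line such as `/** Decrypted payload of an encrypted config value: o = org, r = repo, v = value. */` above the export would make the schema self-describing. All three fields are optional, so `{}` passes validation and the `is.nonEmptyString(value)` check in `tryDecrypt` remains the only guard against a missing value; if that is deliberate, the comment should say so. `z.string().optional()` also rejects an explicit `null`, which the previous untyped destructuring would have passed through to the `is.nonEmptyString` checks. That is presumably fine, but it is a behaviour change in a commit titled "refactor" and deserves a test case.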