fix: ensure certificates have pem header/footer

snyk · Aug 15, 2024 · 607a5d5 · 607a5d5
1 parent a0a6dab
commit 607a5d5
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/.gitleaksignore b/.gitleaksignore
@@ -0,0 +1 @@
+charts/snyk-broker/tests/broker_deployment_ca_test.yaml:private-key:271
diff --git a/charts/snyk-broker/tests/broker_deployment_ca_test.yaml b/charts/snyk-broker/tests/broker_deployment_ca_test.yaml
@@ -265,3 +265,9 @@ tests:
         documentSelector:
           path: metadata.name
           value: RELEASE-NAME-snyk-broker-cacert-secret
+
+  - it: rejects a non-PEM certificate
+    set:
+      caCertFile: "\n  \n-----BEGIN RSA PRIVATE KEY-----\nCERTIFICATE GOES HERE\n-----END RSA PRIVATE KEY-----\n\n\n"
+    asserts:
+      - failedTemplate: {}
diff --git a/charts/snyk-broker/values.schema.json b/charts/snyk-broker/values.schema.json
@@ -262,7 +262,8 @@
       "type": "string"
     },
     "caCertFile": {
-      "type": "string"
+      "type": "string",
+      "pattern": "^$|^\\s*-----BEGIN CERTIFICATE-----(?:.|\\s)*-----END CERTIFICATE-----\\s*$"
     },
     "disableCaCertTrust": {
       "type": "boolean"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		charts/snyk-broker/tests/broker_deployment_ca_test.yaml:private-key:271