From 607a5d5d16b365165d8636e526ed92a2ea116719 Mon Sep 17 00:00:00 2001
From: Matt Rogers
Date: Thu, 15 Aug 2024 10:53:35 +0100
Subject: [PATCH 1/3] fix: ensure certificates have pem header/footer

---
 .gitleaksignore | 1 +
 charts/snyk-broker/tests/broker_deployment_ca_test.yaml | 6 ++++++
 charts/snyk-broker/values.schema.json | 3 ++-
 3 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .gitleaksignore

diff --git a/.gitleaksignore b/.gitleaksignore
new file mode 100644
index 0000000..5543df9
--- /dev/null
+++ b/.gitleaksignore
@@ -0,0 +1 @@
+charts/snyk-broker/tests/broker_deployment_ca_test.yaml:private-key:271
diff --git a/charts/snyk-broker/tests/broker_deployment_ca_test.yaml b/charts/snyk-broker/tests/broker_deployment_ca_test.yaml
index 2ab0b38..d990d5d 100644
--- a/charts/snyk-broker/tests/broker_deployment_ca_test.yaml
+++ b/charts/snyk-broker/tests/broker_deployment_ca_test.yaml
@@ -265,3 +265,9 @@ tests:
 documentSelector:
 path: metadata.name
 value: RELEASE-NAME-snyk-broker-cacert-secret
+
+ - it: rejects a non-PEM certificate
+ set:
+ caCertFile: "\n \n-----BEGIN RSA PRIVATE KEY-----\nCERTIFICATE GOES HERE\n-----END RSA PRIVATE KEY-----\n\n\n"
+ asserts:
+ - failedTemplate: {}
diff --git a/charts/snyk-broker/values.schema.json b/charts/snyk-broker/values.schema.json
index 0bae7a6..73642e3 100644
--- a/charts/snyk-broker/values.schema.json
+++ b/charts/snyk-broker/values.schema.json
@@ -262,7 +262,8 @@
 "type": "string"
 },
 "caCertFile": {
- "type": "string"
+ "type": "string",
+ "pattern": "^$|^\\s*-----BEGIN CERTIFICATE-----(?:.|\\s)*-----END CERTIFICATE-----\\s*$"
 },
 "disableCaCertTrust": {
 "type": "boolean"
From 5a6177cb08c44fcd3eebf64a55a06928fd4aed47 Mon Sep 17 00:00:00 2001
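Review bot: The fixture in `rejects a non-PEM certificate` (PATCH 1/3, broker_deployment_ca_test.yaml) is PEM-armoured, only with an `RSA PRIVATE KEY` label, so the test name misstates what is being rejected. That label is also what makes the secret scanner flag line 271 and leads to the suppressions in `.gitleaksignore` here and in PATCH 2/3 and 3/3. A label that is neither a certificate nor a private key, for example `-----BEGIN PUBLIC KEY-----`, fails the schema pattern the same way and presumably needs no scanner exception; I would also rename the case to `rejects PEM data that is not a certificate`. The hunk shows only the failing case, so unless they already exist above line 265, a passing case with whitespace around a `CERTIFICATE` block and a failing case with no armour at all would pin the rest of the pattern.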
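Review bot: The `caCertFile` pattern in values.schema.json anchors only the first `-----BEGIN CERTIFICATE-----` and the last `-----END CERTIFICATE-----`, so everything between them is unchecked. A bundle with some other PEM block, or non-base64 text, between two certificate blocks still validates. That is reasonable as a guard against pasting the wrong file, but the chart documentation should describe it as a shape check, since whatever consumes the secret still has to parse the content. Separately, both alternatives in `(?:.|\\s)*` match a space. Go's regexp engine, which Helm's schema validation presumably uses, runs in linear time, but a backtracking validator reading the same schema could be slow on long input with no footer; `[\\s\\S]*` accepts the same strings without the overlap.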
From: Matt Rogers
Date: Thu, 15 Aug 2024 10:55:21 +0100
Subject: [PATCH 2/3] fix: ensure certificates have pem header/footer

---
 .gitleaksignore | 1 -
 charts/snyk-broker/tests/broker_deployment_ca_test.yaml | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
 delete mode 100644 .gitleaksignore

diff --git a/.gitleaksignore b/.gitleaksignore
deleted file mode 100644
index 5543df9..0000000
--- a/.gitleaksignore
+++ /dev/null
@@ -1 +0,0 @@
-charts/snyk-broker/tests/broker_deployment_ca_test.yaml:private-key:271
diff --git a/charts/snyk-broker/tests/broker_deployment_ca_test.yaml b/charts/snyk-broker/tests/broker_deployment_ca_test.yaml
index d990d5d..644fcb2 100644
--- a/charts/snyk-broker/tests/broker_deployment_ca_test.yaml
+++ b/charts/snyk-broker/tests/broker_deployment_ca_test.yaml
@@ -268,6 +268,6 @@ tests:

 - it: rejects a non-PEM certificate
 set:
- caCertFile: "\n \n-----BEGIN RSA PRIVATE KEY-----\nCERTIFICATE GOES HERE\n-----END RSA PRIVATE KEY-----\n\n\n"
+ caCertFile: "\n \n-----BEGIN RSA PRIVATE KEY-----\nCERTIFICATE GOES HERE\n-----END RSA PRIVATE KEY-----\n\n\n" #gitleaks:allow
 asserts:
 - failedTemplate: {}
From a3d6b7fc09cd3542c25a9af95daf4613bb636726 Mon Sep 17 00:00:00 2001
From: Matt Rogers
Date: Thu, 15 Aug 2024 10:57:40 +0100
Subject: [PATCH 3/3] fix: gitleaksignore

---
 .gitleaksignore | 1 +
 charts/snyk-broker/Chart.yaml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 .gitleaksignore

diff --git a/.gitleaksignore b/.gitleaksignore
new file mode 100644
index 0000000..5a80ba9
--- /dev/null
+++ b/.gitleaksignore
@@ -0,0 +1 @@
+607a5d5d16b365165d8636e526ed92a2ea116719:charts/snyk-broker/tests/broker_deployment_ca_test.yaml:private-key:271
diff --git a/charts/snyk-broker/Chart.yaml b/charts/snyk-broker/Chart.yaml
index 7c35641..f408f9a 100644
--- a/charts/snyk-broker/Chart.yaml
+++ b/charts/snyk-broker/Chart.yaml
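Review bot: The `.gitleaksignore` entry added in PATCH 3/3 is keyed to commit `607a5d5d16b365165d8636e526ed92a2ea116719`, the hash of PATCH 1/3 on this branch, so it only has an effect while that exact commit stays in history. If the series is squashed or rebased on merge, the hash changes and the entry matches nothing, while the inline `#gitleaks:allow` from PATCH 2/3 already covers the line in later revisions. Consider squashing the three patches so the flagged revision never lands, which would let this file be dropped. Otherwise, state in the commit message that the fingerprint refers to a placeholder test fixture and not a real key, so that a later audit of scanner suppressions can confirm it quickly.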
@@ -1,5 +1,5 @@
 apiVersion: v2
 name: snyk-broker
-version: 2.7.2
+version: 2.7.3
 description: A Helm chart for Kubernetes
 type: application