From 1779fa0bbe59cd1276332f02e43deaa8d6c3b356 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebasti=C3=A1n=20Rodr=C3=ADguez=20Galarza?=
 <sebastian_rodriguezg@yahoo.com>
Date: Wed, 9 Mar 2022 17:46:33 -0600
Subject: [PATCH] fix(amplify-category-function): add length validation for
 secret value (#9812)

---
 .../secretValuesWalkthrough.test.ts                    | 10 ++++++++++
 .../service-walkthroughs/secretValuesWalkthrough.ts    |  8 ++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 packages/amplify-category-function/src/__tests__/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.test.ts

diff --git a/packages/amplify-category-function/src/__tests__/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.test.ts b/packages/amplify-category-function/src/__tests__/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.test.ts
new file mode 100644
index 00000000000..1caf0c070b9
--- /dev/null
+++ b/packages/amplify-category-function/src/__tests__/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.test.ts
@@ -0,0 +1,10 @@
+import { secretValueValidator } from '../../../../provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough';
+
+describe('Check not valid secret values', () => {
+  it('Empty value', () => {
+    expect(secretValueValidator('')).toEqual('Secret value must be between 1 and 2048 characters long');
+  });
+  it('Value over 2048 characters', () => {
+    expect(secretValueValidator('a'.repeat(2049))).toEqual('Secret value must be between 1 and 2048 characters long');
+  });
+});
diff --git a/packages/amplify-category-function/src/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.ts b/packages/amplify-category-function/src/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.ts
index 1e490b56118..c3f33ca82e1 100644
--- a/packages/amplify-category-function/src/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.ts
+++ b/packages/amplify-category-function/src/provider-utils/awscloudformation/service-walkthroughs/secretValuesWalkthrough.ts
@@ -176,12 +176,20 @@ const enterSecretName = async (invalidNames: string[]) =>
 
 const secretValueDefaultMessage = (secretName: string) => `Enter the value for ${secretName}:`;
 
+export const secretValueValidator = (input?: string) => {
+  if (typeof input !== 'string' || input.length === 0 || input.length > 2048) {
+    return 'Secret value must be between 1 and 2048 characters long';
+  }
+  return true;
+};
+
 const enterSecretValue = async (message: string) =>
   (
     await inquirer.prompt<{ secretValue: string }>({
       type: 'password',
       name: 'secretValue',
       message,
+      validate: secretValueValidator,
     })
   ).secretValue;