From 0cc39b31b92b86150590b208a3caafbf1e09ac09 Mon Sep 17 00:00:00 2001 From: Junjie Gao Date: Fri, 21 Jul 2023 00:33:55 +0800 Subject: [PATCH] fix: unset NOTATION_USERNAME and NOTATION_PASSWORD to avoid leaking credentials to plugin (#746) Fix:unset credentials env after read the value (Resolves #709) Signed-off-by: Junjie Gao --- cmd/notation/main.go | 6 ++++++ cmd/notation/main_test.go | 39 +++++++++++++++++++++++++++++++++++++++ test/e2e/plugin/main.go | 15 +++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 cmd/notation/main_test.go diff --git a/cmd/notation/main.go b/cmd/notation/main.go index 3ea4219e2..feb103aa3 100644 --- a/cmd/notation/main.go +++ b/cmd/notation/main.go @@ -26,6 +26,12 @@ func main() { Use: "notation", Short: "Notation - a tool to sign and verify artifacts", SilenceUsage: true, + PersistentPreRun: func(cmd *cobra.Command, args []string) { + // unset registry credentials after read the value from environment + // to avoid leaking credentials + os.Unsetenv(defaultUsernameEnv) + os.Unsetenv(defaultPasswordEnv) + }, } cmd.AddCommand( signCommand(nil), diff --git a/cmd/notation/main_test.go b/cmd/notation/main_test.go new file mode 100644 index 000000000..6c7722aa8 --- /dev/null +++ b/cmd/notation/main_test.go @@ -0,0 +1,39 @@ +// Copyright The Notary Project Authors. +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "os" + "testing" +) + +func Test_UnsetEnvCredential(t *testing.T) { + const notationUsername = "NOTATION_USERNAME" + const notationPassword = "NOTATION_PASSWORD" + // Set environment variables for testing + os.Setenv(notationUsername, "testuser") + os.Setenv(notationPassword, "testpassword") + os.Args = []string{"notation", "version"} + + main() + + // check credentials environment variables are unset + if os.Getenv(notationUsername) != "" { + t.Errorf("expected %s to be unset", notationUsername) + } + + if os.Getenv(notationPassword) != "" { + t.Errorf("expected %s to be unset", notationPassword) + } +} diff --git a/test/e2e/plugin/main.go b/test/e2e/plugin/main.go index 03d39670f..622cb97e5 100644 --- a/test/e2e/plugin/main.go +++ b/test/e2e/plugin/main.go @@ -15,16 +15,31 @@ package main import ( "encoding/json" + "errors" "os" + "github.com/notaryproject/notation-go/plugin/proto" "github.com/spf13/cobra" ) +const NOTATION_USERNAME = "NOTATION_USERNAME" +const NOTATION_PASSWORD = "NOTATION_PASSWORD" + func main() { cmd := &cobra.Command{ Use: "plugin for Notation E2E test", SilenceUsage: true, SilenceErrors: true, + PersistentPreRunE: func(cmd *cobra.Command, args []string) error { + // check registry credentials are eliminated + if os.Getenv(NOTATION_USERNAME) != "" || os.Getenv(NOTATION_PASSWORD) != "" { + return &proto.RequestError{ + Code: proto.ErrorCodeValidation, + Err: errors.New("registry credentials are not eliminated"), + } + } + return nil + }, } cmd.AddCommand(