fix(pipeline_templates): prevent expression evaluation during templat…

…e update operation (#1573)
spinnaker · Aug 24, 2017 · b3687ed · b3687ed
1 parent 64fee8b
commit b3687ed
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 22 deletions.
diff --git a/orca-core/src/main/groovy/com/netflix/spinnaker/orca/pipeline/model/Stage.java b/orca-core/src/main/groovy/com/netflix/spinnaker/orca/pipeline/model/Stage.java
@@ -340,6 +340,27 @@ public <O> O mapTo(String pointer, Class<O> type) {
     }
   }
 
+  public <O> O decodeBase64(String pointer, Class<O> type) {
+    return decodeBase64(pointer, type, objectMapper);
+  }
+
+  public <O> O decodeBase64(String pointer, Class<O> type, ObjectMapper objectMapper) {
+    byte[] data;
+    try {
+      TreeTraversingParser parser = new TreeTraversingParser(getPointer(pointer != null ? pointer : "", contextToNode()), objectMapper);
+      parser.nextToken();
+      data = Base64.getDecoder().decode(parser.getText());
+    } catch (IOException e) {
+      throw new IllegalArgumentException("Value in stage context at pointer " + pointer + " is not base 64 encoded", e);
+    }
+
+    try {
+      return objectMapper.readValue(data, type);
+    } catch (IOException e) {
+      throw new RuntimeException("Could not convert " + new String(data) + " to " + type.getSimpleName());
+    }
+  }
+
   private JsonNode getPointer(String pointer, ObjectNode rootNode) {
     return pointer != null ? rootNode.at(pointer) : rootNode;
   }

diff --git a/orca-front50/src/main/groovy/com/netflix/spinnaker/orca/front50/tasks/SavePipelineTask.java b/orca-front50/src/main/groovy/com/netflix/spinnaker/orca/front50/tasks/SavePipelineTask.java
@@ -29,7 +29,6 @@
 import org.springframework.stereotype.Component;
 import retrofit.client.Response;
 
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.HashMap;
@@ -72,16 +71,10 @@ public TaskResult execute(Stage stage) {
     } catch (IllegalArgumentException e) {
       throw new IllegalArgumentException("pipeline must be encoded as base64", e);
     }
-
-    Map<String, Object> pipeline;
-    try {
-      pipeline = objectMapper.readValue(pipelineData, Map.class);
-    } catch (IOException e) {
-      throw new RuntimeException("Could not convert pipeline to map", e);
-    }
-
     log.info("Expanded encoded pipeline:" + new String(pipelineData));
 
+    Map<String, Object> pipeline = (Map<String, Object>) stage.decodeBase64("/pipeline", Map.class);
+
     pipelineModelMutators.stream().filter(m -> m.supports(pipeline)).forEach(m -> m.mutate(pipeline));
 
     Response response = front50Service.savePipeline(pipeline);

diff --git a/...in/java/com/netflix/spinnaker/orca/pipelinetemplate/tasks/CreatePipelineTemplateTask.java b/...in/java/com/netflix/spinnaker/orca/pipelinetemplate/tasks/CreatePipelineTemplateTask.java
@@ -51,16 +51,23 @@ public TaskResult execute(Stage stage) {
       throw new IllegalArgumentException("Missing required task parameter (pipelineTemplate)");
     }
 
-    PipelineTemplate pipelineTemplate;
-    try {
-      pipelineTemplate = pipelineTemplateObjectMapper.convertValue(stage.getContext().get("pipelineTemplate"), PipelineTemplate.class);
-    } catch (IllegalArgumentException e) {
-      throw new IllegalArgumentException("Pipeline template task parameter is not valid", e);
+    if (!(stage.getContext().get("pipelineTemplate") instanceof String)) {
+      throw new IllegalArgumentException("'pipelineTemplate' context key must be a base64-encoded string: Ensure you're on the most recent version of gate");
     }
 
+    PipelineTemplate pipelineTemplate = (PipelineTemplate) stage.decodeBase64(
+      "/pipelineTemplate",
+      PipelineTemplate.class,
+      pipelineTemplateObjectMapper
+    );
+
     validate(pipelineTemplate);
 
-    Response response = front50Service.savePipelineTemplate((Map<String, Object>) stage.getContext().get("pipelineTemplate"));
+    Response response = front50Service.savePipelineTemplate((Map<String, Object>) stage.decodeBase64(
+      "/pipelineTemplate",
+      Map.class,
+      pipelineTemplateObjectMapper
+    ));
 
     // TODO rz - app & account context?
     Map<String, Object> outputs = new HashMap<>();

diff --git a/...in/java/com/netflix/spinnaker/orca/pipelinetemplate/tasks/UpdatePipelineTemplateTask.java b/...in/java/com/netflix/spinnaker/orca/pipelinetemplate/tasks/UpdatePipelineTemplateTask.java
@@ -50,6 +50,10 @@ public TaskResult execute(Stage stage) {
       throw new UnsupportedOperationException("Front50 is not enabled, no way to fetch pager duty. Fix this by setting front50.enabled: true");
     }
 
+    if (!(stage.getContext().get("pipelineTemplate") instanceof String)) {
+      throw new IllegalArgumentException("'pipelineTemplate' context key must be a base64-encoded string: Ensure you're on the most recent version of gate");
+    }
+
     List<String> missingParams = new ArrayList<>();
     if (!stage.getContext().containsKey("id")) {
       missingParams.add("id");
@@ -65,18 +69,17 @@ public TaskResult execute(Stage stage) {
         ")");
     }
 
-    PipelineTemplate pipelineTemplate;
-    try {
-      pipelineTemplate = pipelineTemplateObjectMapper.convertValue(stage.getContext().get("pipelineTemplate"), PipelineTemplate.class);
-    } catch (IllegalArgumentException e) {
-      throw new IllegalArgumentException("Pipeline template task parameter is not valid", e);
-    }
+    PipelineTemplate pipelineTemplate = (PipelineTemplate) stage.decodeBase64(
+      "/pipelineTemplate",
+      PipelineTemplate.class,
+      pipelineTemplateObjectMapper
+    );
 
     validate(pipelineTemplate);
 
     Response response = front50Service.updatePipelineTemplate(
       (String) stage.getContext().get("id"),
-      (Map<String, Object>) stage.getContext().get("pipelineTemplate")
+      (Map<String, Object>) stage.decodeBase64("/pipelineTemplate", Map.class)
     );
 
     // TODO rz - app & account context?