Merge pull request #27 from rybnico/fix/secret-double-base64-encode

Remove base64 encoding from Uploader to prevent double base64 encoded secrets
wandera · May 28, 2019 · 2fa7a41 · 2fa7a41
2 parents 9a5b804 + 0056206
commit 2fa7a41
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 17 deletions.
diff --git a/pkg/upload/upload.go b/pkg/upload/upload.go
@@ -1,7 +1,6 @@
 package upload
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -430,11 +429,7 @@ func (u *secretUploader) iterToSecretData(iter FileIter) (map[string][]byte, err
 			if err != nil {
 				return err
 			}
-			src := []byte(content)
-			buf := make([]byte, base64.StdEncoding.EncodedLen(len(src)))
-			base64.StdEncoding.Encode(buf, src)
-
-			data[strings.Replace(file.Name, "/", ".", -1)] = buf
+			data[strings.Replace(file.Name, "/", ".", -1)] = []byte(content)
 		}
 		return nil
 	})

diff --git a/pkg/upload/upload_test.go b/pkg/upload/upload_test.go
@@ -1,19 +1,19 @@
 package upload
 
 import (
-	"encoding/base64"
-	"gopkg.in/src-d/go-git.v4/plumbing"
-	"gopkg.in/src-d/go-git.v4/plumbing/filemode"
-	"gopkg.in/src-d/go-git.v4/plumbing/object"
 	"io/ioutil"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-	testclient "k8s.io/client-go/kubernetes/fake"
-	testing2 "k8s.io/client-go/testing"
 	"os"
 	"path/filepath"
 	"reflect"
 	"regexp"
 	"testing"
+
+	"gopkg.in/src-d/go-git.v4/plumbing"
+	"gopkg.in/src-d/go-git.v4/plumbing/filemode"
+	"gopkg.in/src-d/go-git.v4/plumbing/object"
+	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	testclient "k8s.io/client-go/kubernetes/fake"
+	testing2 "k8s.io/client-go/testing"
 )
 
 type mockFileIter struct {
@@ -248,10 +248,8 @@ func assertData(data map[string]string, t *testing.T, name string, contains []st
 	for _, k := range contains {
 		if v, ok := data[k]; ok {
 			content, _ := ioutil.ReadFile(filepath.Join("testdata", k))
-			base64content := make([]byte, base64.StdEncoding.EncodedLen(len(content)))
-			base64.StdEncoding.Encode(base64content, content)
-			if v != string(content) && v != string(base64content) {
-				t.Errorf("%s case failed: content mismatch expected '%s' but got '%s(%s)' instead", name, content, base64content, v)
+			if v != string(content) {
+				t.Errorf("%s case failed: content mismatch expected '%s' but got '%s' instead", name, content, v)
 			}
 		} else {
 			t.Errorf("%s case failed: expected data with key '%s' in '%s'", name, k, data)