gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-14 07:48:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(quality): TICKET-012 propagate request context instead of context.Background()

Browse Source 
- Updated AgentService interface to accept context.Context parameter in all methods
- Replaced context.Background() calls with proper ctx parameter in agent.go
- Updated AgentGroupService interface to accept context.Context parameter
- Replaced context.Background() calls with proper ctx parameter in agent_group.go
- Updated handler methods to pass r.Context() to service methods
- Context now properly propagates through request lifecycle for timeout/cancellation
- Improved request tracing and cancellation behavior
This commit is contained in:
shankar0123
2026-03-27 21:35:22 -04:00
parent 3e5cc86c5a
commit 200bdf990f
11 changed files with 413 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/connector/issuer/openssl/openssl.go
+12 -6
View File
@@ -97,22 +97,28 @@ func (c *Connector) ValidateConfig(ctx context.Context, rawConfig json.RawMessag
return fmt.Errorf("sign_script is required")
}
// Verify sign_script exists and is executable
if _, err := os.Stat(cfg.SignScript); err != nil {
// Verify sign_script exists and is a regular file
if info, err := os.Stat(cfg.SignScript); err != nil {
return fmt.Errorf("sign_script not accessible: %w", err)
} else if !info.Mode().IsRegular() {
return fmt.Errorf("sign_script must be a regular file, got %s", info.Mode())
}
// Verify revoke_script exists if specified
// Verify revoke_script exists and is a regular file if specified
if cfg.RevokeScript != "" {
if _, err := os.Stat(cfg.RevokeScript); err != nil {
if info, err := os.Stat(cfg.RevokeScript); err != nil {
return fmt.Errorf("revoke_script not accessible: %w", err)
} else if !info.Mode().IsRegular() {
return fmt.Errorf("revoke_script must be a regular file, got %s", info.Mode())
}
}
// Verify crl_script exists if specified
// Verify crl_script exists and is a regular file if specified
if cfg.CRLScript != "" {
if _, err := os.Stat(cfg.CRLScript); err != nil {
if info, err := os.Stat(cfg.CRLScript); err != nil {
return fmt.Errorf("crl_script not accessible: %w", err)
} else if !info.Mode().IsRegular() {
return fmt.Errorf("crl_script must be a regular file, got %s", info.Mode())
}
}
internal/connector/issuer/openssl/openssl_test.go
+65
View File
@@ -556,3 +556,68 @@ func generateMockCertPEM() string {
Bytes: certBytes,
}))
}
// Security tests for script path validation
func TestOpenSSLConnector_ValidateConfig_RejectNonRegularFile(t *testing.T) {
logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug}))
ctx := context.Background()
// Try to use a directory as a script path
tmpDir := t.TempDir()
config := &openssl.Config{
SignScript: tmpDir, // This is a directory, not a regular file
}
connector := openssl.New(config, logger)
rawConfig, _ := json.Marshal(config)
err := connector.ValidateConfig(ctx, rawConfig)
if err == nil {
t.Fatal("Expected error when sign_script is not a regular file")
}
}
func TestOpenSSLConnector_ValidateConfig_ValidateRevokeScriptPath(t *testing.T) {
logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug}))
ctx := context.Background()
tmpDir := t.TempDir()
signScript := filepath.Join(tmpDir, "sign.sh")
os.WriteFile(signScript, []byte("#!/bin/sh\nexit 0"), 0755)
// Try to use a nonexistent file as revoke_script
config := &openssl.Config{
SignScript: signScript,
RevokeScript: "/nonexistent/revoke.sh",
}
connector := openssl.New(config, logger)
rawConfig, _ := json.Marshal(config)
err := connector.ValidateConfig(ctx, rawConfig)
if err == nil {
t.Fatal("Expected error when revoke_script is nonexistent")
}
}
func TestOpenSSLConnector_ValidateConfig_ValidateCRLScriptPath(t *testing.T) {
logger := slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug}))
ctx := context.Background()
tmpDir := t.TempDir()
signScript := filepath.Join(tmpDir, "sign.sh")
os.WriteFile(signScript, []byte("#!/bin/sh\nexit 0"), 0755)
// Try to use a directory as crl_script
config := &openssl.Config{
SignScript: signScript,
CRLScript: tmpDir, // This is a directory, not a regular file
}
connector := openssl.New(config, logger)
rawConfig, _ := json.Marshal(config)
err := connector.ValidateConfig(ctx, rawConfig)
if err == nil {
t.Fatal("Expected error when crl_script is not a regular file")
}
}