Prevent the pattern matching for KV V2 operations if a trailing slash… (

#64) * Prevent the pattern matching for KV V2 operations if a trailing slash is present in the URL * Tweaked regex, added some test cases * Added more test cases where 'data' is missing
hashicorp · Sep 28, 2022 · 05d1235 · 05d1235
1 parent 5c55bbe
commit 05d1235
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 2 deletions.
diff --git a/path_data.go b/path_data.go
@@ -18,11 +18,15 @@ import (
 	"github.com/mitchellh/mapstructure"
 )
 
+func matchAllNoTrailingSlashRegex(name string) string {
+	return fmt.Sprintf(`(?P<%s>.*?[^/]$)`, name)
+}
+
 // pathConfig returns the path configuration for CRUD operations on the backend
 // configuration.
 func pathData(b *versionedKVBackend) *framework.Path {
 	return &framework.Path{
-		Pattern: "data/" + framework.MatchAllRegex("path"),
+		Pattern: "data/" + matchAllNoTrailingSlashRegex("path"),
 		Fields: map[string]*framework.FieldSchema{
 			"path": {
 				Type:        framework.TypeString,

diff --git a/path_data_test.go b/path_data_test.go
@@ -4,12 +4,14 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/go-test/deep"
 	"reflect"
+	"regexp"
 	"strings"
 	"testing"
 	"time"
 
+	"github.com/go-test/deep"
+
 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -1160,3 +1162,29 @@ func TestVersionedKV_Patch_CurrentVersionDestroyed(t *testing.T) {
 		t.Fatalf("Expected 404 status code for destroyed version: resp:%#v\n", resp)
 	}
 }
+
+func TestRegex_AllNoTrailingSlash(t *testing.T) {
+	tests := map[string]struct {
+		input string
+		want  bool
+	}{
+		"single-part-no-trailing-slash":         {input: "data/foo", want: true},
+		"single-part-trailing-slash":            {input: "data/foo/", want: false},
+		"multi-part-no-trailing-slash":          {input: "data/foo/bar", want: true},
+		"multi-part-trailing-slash":             {input: "data/foo/bar/", want: false},
+		"no-data-single-part-no-trailing-slash": {input: "foo", want: false},
+		"no-data-single-part-trailing-slash":    {input: "foo/", want: false},
+		"no-data-multi-part-no-trailing-slash":  {input: "foo/bar", want: false},
+		"no-data-multi-part-trailing-slash":     {input: "foo/bar/", want: false},
+	}
+
+	p := "data/" + matchAllNoTrailingSlashRegex("path")
+	r, _ := regexp.Compile(p)
+
+	for name, tc := range tests {
+		got := r.MatchString(tc.input)
+		if tc.want != got {
+			t.Errorf("%s: expected: %v, got: %v", name, tc.want, got)
+		}
+	}
+}