From e9ba36e70857038aef8976dc8296828e9115850c Mon Sep 17 00:00:00 2001 From: Joseph Cosentino Date: Thu, 22 Aug 2024 15:39:27 -0700 Subject: [PATCH] fix: reject invalid thing and group names (#1655) --- .../greengrass/easysetup/GreengrassSetup.java | 7 ++++ .../easysetup/GreengrassSetupTest.java | 40 +++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/src/main/java/com/aws/greengrass/easysetup/GreengrassSetup.java b/src/main/java/com/aws/greengrass/easysetup/GreengrassSetup.java index 197e07e3dc..5791508eb9 100644 --- a/src/main/java/com/aws/greengrass/easysetup/GreengrassSetup.java +++ b/src/main/java/com/aws/greengrass/easysetup/GreengrassSetup.java @@ -515,6 +515,13 @@ private String peekArg() { } void provision(Kernel kernel) throws IOException, DeviceConfigurationException { + if (thingName.contains(":")) { + throw new RuntimeException("Thing name cannot contain colon characters"); + } + if (!Utils.isEmpty(thingGroupName) && thingGroupName.contains(":")) { + throw new RuntimeException("Thing group name cannot contain colon characters"); + } + outStream.printf("Provisioning AWS IoT resources for the device with IoT Thing Name: [%s]...%n", thingName); // handle endpoints provided by external config String iotDataEndpoint = Coerce.toString(kernel.getConfig().find(SERVICES_NAMESPACE_TOPIC, diff --git a/src/test/java/com/aws/greengrass/easysetup/GreengrassSetupTest.java b/src/test/java/com/aws/greengrass/easysetup/GreengrassSetupTest.java index 21bbc1b74e..6a5091664b 100644 --- a/src/test/java/com/aws/greengrass/easysetup/GreengrassSetupTest.java +++ b/src/test/java/com/aws/greengrass/easysetup/GreengrassSetupTest.java @@ -25,6 +25,7 @@ import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.CsvSource; import org.junit.jupiter.params.provider.MethodSource; +import org.junit.jupiter.params.provider.ValueSource; import org.mockito.Answers; import org.mockito.ArgumentCaptor; import org.mockito.Mock; @@ -40,6 +41,7 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.hasItems; +import static org.hamcrest.Matchers.is; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.ArgumentMatchers.any; @@ -487,4 +489,42 @@ void GIVEN_setup_script_WHEN_trusted_plugin_provided_THEN_jar_copied_to_trusted_ greengrassSetup.performSetup(); assertTrue(Files.exists(mockTrustedDirectory.resolve(Utils.namePart(pluginJarPath.toString())))); } + + @ParameterizedTest + @ValueSource(strings = {"group:", "group:1", "group:1:"}) + void GIVEN_invalid_thing_group_name_WHEN_script_is_used_THEN_error(String groupName, ExtensionContext context) { + ignoreExceptionUltimateCauseOfType(context, IOException.class); + Kernel realKernel = new Kernel(); + greengrassSetup = + new GreengrassSetup(System.out, System.err, deviceProvisioningHelper, platform, kernel, "--config", + "mock_config_path", "--root", "mock_root", "--thing-name", "mock_thing_name", + "--thing-group-name", groupName, "--thing-policy-name", "mock_thing_policy_name", + "--tes-role-name", "mock_tes_role_name", "--tes-role-alias-name", "mock_tes_role_alias_name", + "--provision", "--aws-region","us-east-1", "-ss", "false"); + Exception e = assertThrows(RuntimeException.class, () -> { + greengrassSetup.parseArgs(); + greengrassSetup.performSetup(); + }); + realKernel.shutdown(); + assertThat(e.getMessage(), is("Thing group name cannot contain colon characters")); + } + + @ParameterizedTest + @ValueSource(strings = {"thing:", "thing:1", "thing:1:"}) + void GIVEN_invalid_thing_name_WHEN_script_is_used_THEN_error(String thingName, ExtensionContext context) { + ignoreExceptionUltimateCauseOfType(context, IOException.class); + Kernel realKernel = new Kernel(); + greengrassSetup = + new GreengrassSetup(System.out, System.err, deviceProvisioningHelper, platform, kernel, "--config", + "mock_config_path", "--root", "mock_root", "--thing-name", thingName, + "--thing-group-name", "group", "--thing-policy-name", "mock_thing_policy_name", + "--tes-role-name", "mock_tes_role_name", "--tes-role-alias-name", "mock_tes_role_alias_name", + "--provision", "--aws-region","us-east-1", "-ss", "false"); + Exception e = assertThrows(RuntimeException.class, () -> { + greengrassSetup.parseArgs(); + greengrassSetup.performSetup(); + }); + realKernel.shutdown(); + assertThat(e.getMessage(), is("Thing name cannot contain colon characters")); + } }