Merge pull request #1627 from ydb-platform/fix-1624
fixed issue 'Explicit null dereferenced' (CWE-476)
asmyasnikov authored Jan 30, 2025
2 parents 4d947d7 + 3f8d0d0 commit 2dc4784
Showing 4 changed files with 17 additions and 8 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,5 @@
* Fixed explicit null dereferenced issue in internal/credentials/static.go (CWE-476)

## v3.99.1
* Bumped dependencies:
- `golang.org/x/net from` v0.23.0 to v0.33.0
@@ -1,6 +1,7 @@
package credentials

import (
"errors"
"fmt"
"io"
"reflect"
@@ -13,6 +14,8 @@ import (
"github.com/ydb-platform/ydb-go-sdk/v3/internal/xstring"
)

var errNilExpiresAt = errors.New("nil claims.ExpiresAt field")

type authErrorOption interface {
applyAuthErrorOption(w io.Writer)
}
@@ -42,7 +42,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"Anonymous{}\"" +
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:33)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:33)`",
},
{
err: AccessError(
@@ -57,7 +57,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"Anonymous{From:\\\"TestAccessError\\\"}\"" +
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:48)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:48)`",
},
{
err: AccessError(
@@ -72,7 +72,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"AccessToken{Token:\\\"****(CRC-32c: 9B7801F4)\\\"}\"" +
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:63)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:63)`",
},
{
err: AccessError(
@@ -87,7 +87,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"AccessToken{Token:\\\"****(CRC-32c: 9B7801F4)\\\",From:\\\"TestAccessError\\\"}\"" +
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:78)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:78)`",
},
{
err: AccessError(
@@ -106,7 +106,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"Static{User:\\\"USER\\\",Password:\\\"SEC**********RD\\\",Token:\\\"****(CRC-32c: 00000000)\\\"}\"" + //nolint:lll
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:93)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:93)`",
},
{
err: AccessError(
@@ -125,7 +125,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"Static{User:\\\"USER\\\",Password:\\\"SEC**********RD\\\",Token:\\\"****(CRC-32c: 00000000)\\\",From:\\\"TestAccessError\\\"}\"" + //nolint:lll
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:112)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:112)`",
},
{
err: AccessError(
@@ -140,7 +140,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.customCredentials\"" +
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:131)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:131)`",
},
{
err: AccessError(
@@ -155,7 +155,7 @@ func TestAccessError(t *testing.T) {
"database:\"/local\"," +
"credentials:\"Anonymous{}\"" +
"): test " +
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:146)`", //nolint:lll
"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:146)`",
},
} {
t.Run("", func(t *testing.T) {
4 changes: 4 additions & 0 deletions internal/credentials/static.go
@@ -146,6 +146,10 @@ func parseExpiresAt(raw string) (expiresAt time.Time, err error) {
return expiresAt, xerrors.WithStackTrace(err)
}

if claims.ExpiresAt == nil {
return expiresAt, xerrors.WithStackTrace(errNilExpiresAt)
}

return claims.ExpiresAt.Time, nil
}

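Review bot: The new `claims.ExpiresAt == nil` guard in parseExpiresAt has no regression test in this commit; the only test changes shown are the renamed file names in TestAccessError's expected strings. Because `raw` is presumably a token supplied by the server, a case that feeds a well-formed token without an expiry and asserts `errors.Is(err, errNilExpiresAt)` (assuming xerrors.WithStackTrace keeps the wrapped error reachable) would pin the CWE-476 fix and stop a later refactor from reintroducing the panic. A short why-comment above the check would also help, e.g. `// a token may parse cleanly yet carry no expiry; fail instead of dereferencing nil`. The start of parseExpiresAt is outside the hunk, so how `claims` is populated, and whether the token is verified before its claims are trusted, cannot be confirmed from here.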
