From 5aee7358aa3cd8cc67907fcf7c761dde9054fc1e Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Fri, 1 Jul 2022 09:43:47 +0200
Subject: [PATCH] decryptor: recover from SOPS store panic
Based on user reports, there seems to be a small chance for the underlying SOPS store implementation to panic when a user provides input and/or output format instructions which do not actually match the type of the file. Recover from this to ensure continuity of operations.
Signed-off-by: Hidde Beydals
---
 controllers/kustomization_decryptor.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/controllers/kustomization_decryptor.go b/controllers/kustomization_decryptor.go
index 7028de5b9..6df53f632 100644
--- a/controllers/kustomization_decryptor.go
+++ b/controllers/kustomization_decryptor.go
@@ -57,7 +57,7 @@ const (
 // DecryptionProviderSOPS is the SOPS provider name.
 DecryptionProviderSOPS = "sops"
 // DecryptionPGPExt is the extension of the file containing an armored PGP
- //key.
+ // key.
 DecryptionPGPExt = ".asc"
 // DecryptionAgeExt is the extension of the file containing an age key
 // file.
@@ -235,7 +235,8 @@ func (d *KustomizeDecryptor) ImportKeys(ctx context.Context) error {
 case filepath.Ext(DecryptionAWSKmsFile):
 if name == DecryptionAWSKmsFile {
 if d.awsCredsProvider, err = awskms.LoadCredsProviderFromYaml(value); err != nil {
- return fmt.Errorf("failed to import '%s' data from %s decryption Secret '%s': %w", name, provider, secretName, err)
+ return fmt.Errorf("failed to import '%s' data from %s decryption Secret '%s': %w", name,
+ provider, secretName, err)
 }
 }
 case filepath.Ext(DecryptionAzureAuthFile):
@@ -263,7 +264,16 @@ func (d *KustomizeDecryptor) ImportKeys(ctx context.Context) error {
 // for the input format, gathers the data key for it from the key service,
 // and then decrypts the file data with the retrieved data key.
 // It returns the decrypted bytes in the provided output format, or an error.
-func (d *KustomizeDecryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) ([]byte, error) {
+func (d *KustomizeDecryptor) SopsDecryptWithFormat(data []byte, inputFormat, outputFormat formats.Format) (_ []byte, err error) {
+ defer func() {
+ // It was discovered that malicious input and/or output instructions can
+ // make SOPS panic. Recover from this panic and return as an error.
+ if r := recover(); r != nil {
+ err = fmt.Errorf("failed to emit encrypted %s file as decrypted %s: %v",
+ sopsFormatToString[inputFormat], sopsFormatToString[outputFormat], r)
+ }
+ }()
+
 store := common.StoreForFormat(inputFormat)

 tree, err := store.LoadEncryptedFile(data)
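Review bot: The deferred `recover()` in SopsDecryptWithFormat covers the whole function, starting with `store.LoadEncryptedFile(data)`, yet the error it builds always reads "failed to emit encrypted … file as decrypted …", so a panic while loading or decrypting is reported as an emit failure. A neutral wording such as `err = fmt.Errorf("recovered from panic while decrypting %s file to %s: %v", ...)` would keep the message accurate for every step. The raw panic value `r` is also formatted into the returned error; whether it can carry fragments of the decrypted tree is not determinable from this hunk, so it is worth confirming how callers surface this error (status conditions, events, logs) or returning a fixed string and logging the detail separately. The stack trace is discarded too, which will make the underlying SOPS store fault hard to locate; a `debug.Stack()` capture at a debug log level would preserve it. The function body continues outside the hunk.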