
Commit 2dc4784

authored
Merge pull request #1627 from ydb-platform/fix-1624
fixed issue 'Explicit null dereferenced' (CWE-476)
2 parents 4d947d7 + 3f8d0d0 commit 2dc4784


4 files changed

+17
-8
lines changed


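--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
+* Fixed explicit null dereferenced issue in internal/credentials/static.go (CWE-476)
+
 ## v3.99.1
 * Bumped dependencies:
 - `golang.org/x/net from` v0.23.0 to v0.33.0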

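--- a/internal/credentials/access_error.go
+++ b/internal/credentials/errors.go
@@ -1,6 +1,7 @@
 package credentials
 
 import (
+"errors"
 "fmt"
 "io"
 "reflect"
@@ -13,6 +14,8 @@ import (
 "github.com/ydb-platform/ydb-go-sdk/v3/internal/xstring"
 )
 
+var errNilExpiresAt = errors.New("nil claims.ExpiresAt field")
+
 type authErrorOption interface {
 applyAuthErrorOption(w io.Writer)
 }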
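Review bot: `errNilExpiresAt` is declared without a doc comment, and its only use visible in this commit is in parseExpiresAt in static.go, so a reader of errors.go cannot tell when it is returned. I would add `// errNilExpiresAt is returned by parseExpiresAt when the parsed token claims have no ExpiresAt value.` above the declaration. Keeping it as a package-level sentinel is a good choice, since tests and callers can match it with `errors.Is` instead of comparing message text.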

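--- a/internal/credentials/access_error_test.go
+++ b/internal/credentials/errors_test.go
@@ -42,7 +42,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"Anonymous{}\"" +
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:33)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:33)`",
 },
 {
 err: AccessError(
@@ -57,7 +57,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"Anonymous{From:\\\"TestAccessError\\\"}\"" +
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:48)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:48)`",
 },
 {
 err: AccessError(
@@ -72,7 +72,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"AccessToken{Token:\\\"****(CRC-32c: 9B7801F4)\\\"}\"" +
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:63)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:63)`",
 },
 {
 err: AccessError(
@@ -87,7 +87,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"AccessToken{Token:\\\"****(CRC-32c: 9B7801F4)\\\",From:\\\"TestAccessError\\\"}\"" +
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:78)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:78)`",
 },
 {
 err: AccessError(
@@ -106,7 +106,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"Static{User:\\\"USER\\\",Password:\\\"SEC**********RD\\\",Token:\\\"****(CRC-32c: 00000000)\\\"}\"" + //nolint:lll
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:93)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:93)`",
 },
 {
 err: AccessError(
@@ -125,7 +125,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"Static{User:\\\"USER\\\",Password:\\\"SEC**********RD\\\",Token:\\\"****(CRC-32c: 00000000)\\\",From:\\\"TestAccessError\\\"}\"" + //nolint:lll
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:112)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:112)`",
 },
 {
 err: AccessError(
@@ -140,7 +140,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.customCredentials\"" +
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:131)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:131)`",
 },
 {
 err: AccessError(
@@ -155,7 +155,7 @@ func TestAccessError(t *testing.T) {
 "database:\"/local\"," +
 "credentials:\"Anonymous{}\"" +
 "): test " +
-"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(access_error_test.go:146)`", //nolint:lll
+"at `github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials.TestAccessError(errors_test.go:146)`",
 },
 } {
 t.Run("", func(t *testing.T) {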

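--- a/internal/credentials/static.go
+++ b/internal/credentials/static.go
@@ -146,6 +146,10 @@ func parseExpiresAt(raw string) (expiresAt time.Time, err error) {
 return expiresAt, xerrors.WithStackTrace(err)
 }
 
+if claims.ExpiresAt == nil {
+return expiresAt, xerrors.WithStackTrace(errNilExpiresAt)
+}
+
 return claims.ExpiresAt.Time, nil
 }
 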
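Review bot: The nil guard added before `return claims.ExpiresAt.Time, nil` is not covered by any test in this commit; the only test file touched is errors_test.go, and its changes are file-name updates in expected strings. A regression case that passes parseExpiresAt a well-formed token whose claims have no expiry would pin the CWE-476 fix. It should assert `errors.Is(err, errNilExpiresAt)`, provided xerrors.WithStackTrace keeps the wrapped error reachable. A short comment above the check would also help, e.g. `// parsing can succeed with ExpiresAt left nil when the token carries no expiry claim`, assuming that is the case the issue describes. parseExpiresAt begins above the hunk, so how `claims` is populated and how callers treat the returned error are not visible here.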
