fix(redir): improve data checking for redirection

open-amt-cloud-toolkit · Oct 23, 2023 · 7aa1510 · 7aa1510
1 parent 9651c93
commit 7aa1510
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 2 deletions.
diff --git a/src/secrets/vault/index.test.ts b/src/secrets/vault/index.test.ts
@@ -116,6 +116,31 @@ test('should return null if AMT credentials for a specific device does not exist
   expect(secretAtPathSpy).toHaveBeenCalledWith(`devices/${secretPath}`)
 })
 
+test('should return null if AMT_Password for a specific device does not exists', async () => {
+  const noCredential = {
+    data: {
+      data: {
+        MEBX_PASSWORD: 'Intel@123',
+        MPS_PASSWORD: 'lLJPJNtU2$8FZTUy'
+      }
+    }
+  }
+  const secretAtPathSpy = jest.spyOn(secretManagerService, 'getSecretAtPath').mockResolvedValue(noCredential.data)
+  const result = await secretManagerService.getAMTCredentials(secretPath)
+  expect(result).toEqual(null)
+  expect(secretAtPathSpy).toHaveBeenCalledWith(`devices/${secretPath}`)
+})
+
+test('should return null if secret data for a specific device does not exists', async () => {
+  const noCredential = {
+    data: { }
+  }
+  const secretAtPathSpy = jest.spyOn(secretManagerService, 'getSecretAtPath').mockResolvedValue(noCredential.data)
+  const result = await secretManagerService.getAMTCredentials(secretPath)
+  expect(result).toEqual(null)
+  expect(secretAtPathSpy).toHaveBeenCalledWith(`devices/${secretPath}`)
+})
+
 test('should get MPS certs', async () => {
   const secretAtPathSpy = jest.spyOn(secretManagerService, 'getSecretAtPath').mockResolvedValue(secretCert)
   const result = await secretManagerService.getMPSCerts()

diff --git a/src/secrets/vault/index.ts b/src/secrets/vault/index.ts
@@ -65,7 +65,7 @@ export class VaultSecretManagerService implements ISecretManagerService {
   async getAMTCredentials (path: string): Promise<string[]> {
     const user = 'admin'
     const secret: { data: DeviceSecrets } = await this.getSecretAtPath(`devices/${path}`)
-    if (secret == null) {
+    if (secret?.data?.AMT_PASSWORD == null) {
       return null
     }
     const amtpass: string = secret.data.AMT_PASSWORD

diff --git a/src/utils/wsRedirect.test.ts b/src/utils/wsRedirect.test.ts
@@ -121,6 +121,26 @@ describe('WsRedirect tests', () => {
       wsRedirect.createCredential(paramsWithPof2 as any, credentials)
       expect(wsRedirect.interceptor).toBeFalsy()
     })
+
+    it('should not create credential if any are missing', () => {
+      const paramsWithPof2 = {
+        p: 2
+      }
+      const credentials = ['test']
+
+      wsRedirect.createCredential(paramsWithPof2 as any, credentials)
+      expect(wsRedirect.interceptor).toBeFalsy()
+    })
+
+    it('should not create credential too many are passed in', () => {
+      const paramsWithPof2 = {
+        p: 2
+      }
+      const credentials = ['test1', 'test2', 'test3']
+
+      wsRedirect.createCredential(paramsWithPof2 as any, credentials)
+      expect(wsRedirect.interceptor).toBeFalsy()
+    })
   })
 
   describe('setnormalTCP test', () => {

diff --git a/src/utils/wsRedirect.ts b/src/utils/wsRedirect.ts
@@ -84,7 +84,7 @@ export class WsRedirect {
   }
 
   createCredential (params: queryParams, credentials: string[]): void {
-    if (credentials != null) {
+    if (credentials?.length === 2 && credentials[0] != null && credentials[1] != null) {
       logger.debug(messages.REDIRECT_CREATING_CREDENTIAL)
       if (params.p === 2) {
         this.interceptor = new RedirectInterceptor({