Merge pull request #315 from aws/dev

chore: release 0.18
aws · Sep 1, 2021 · 0ef3240 · 0ef3240
2 parents 7666f38 + d438a63
commit 0ef3240
Show file tree

Hide file tree

Showing 28 changed files with 195 additions and 65 deletions.
diff --git a/src/AWS.Deploy.CLI/AWSUtilities.cs b/src/AWS.Deploy.CLI/AWSUtilities.cs
@@ -9,6 +9,7 @@
 using Amazon.EC2.Model;
 using System.IO;
 using AWS.Deploy.CLI.Utilities;
+using AWS.Deploy.Common.IO;
 
 namespace AWS.Deploy.CLI
 {
@@ -22,11 +23,13 @@ public class AWSUtilities : IAWSUtilities
     {
         private readonly IToolInteractiveService _toolInteractiveService;
         private readonly IConsoleUtilities _consoleUtilities;
+        private readonly IDirectoryManager _directoryManager;
 
-        public AWSUtilities(IToolInteractiveService toolInteractiveService, IConsoleUtilities consoleUtilities)
+        public AWSUtilities(IToolInteractiveService toolInteractiveService, IConsoleUtilities consoleUtilities, IDirectoryManager directoryManager)
         {
             _toolInteractiveService = toolInteractiveService;
             _consoleUtilities = consoleUtilities;
+            _directoryManager = directoryManager;
         }
 
         public async Task<AWSCredentials> ResolveAWSCredentials(string? profileName, string? lastUsedProfileName = null)
@@ -89,7 +92,7 @@ await CanLoadCredentials(lastUsedCredentials))
             if (credentials is AssumeRoleAWSCredentials assumeRoleAWSCredentials)
             {
                 var assumeOptions = assumeRoleAWSCredentials.Options;
-                assumeOptions.MfaTokenCodeCallback = new AssumeRoleMfaTokenCodeCallback(_toolInteractiveService, assumeOptions).Execute;
+                assumeOptions.MfaTokenCodeCallback = new AssumeRoleMfaTokenCodeCallback(_toolInteractiveService, _directoryManager, assumeOptions).Execute;
             }
 
             return credentials;

diff --git a/src/AWS.Deploy.CLI/Commands/CommandFactory.cs b/src/AWS.Deploy.CLI/Commands/CommandFactory.cs
@@ -190,7 +190,7 @@ private Command BuildDeployCommand()
                         AWSProfileName = input.Profile ?? userDeploymentSettings?.AWSProfile ?? null
                     };
 
-                    var dockerEngine = new DockerEngine.DockerEngine(projectDefinition);
+                    var dockerEngine = new DockerEngine.DockerEngine(projectDefinition, _fileManager);
 
                     var deploy = new DeployCommand(
                         _toolInteractiveService,

diff --git a/src/AWS.Deploy.CLI/Commands/DeployCommand.cs b/src/AWS.Deploy.CLI/Commands/DeployCommand.cs
@@ -43,7 +43,7 @@ public class DeployCommand
         private readonly ISystemCapabilityEvaluator _systemCapabilityEvaluator;
         private readonly OrchestratorSession _session;
         private readonly IDirectoryManager _directoryManager;
-        private ICDKVersionDetector _cdkVersionDetector;
+        private readonly ICDKVersionDetector _cdkVersionDetector;
 
         public DeployCommand(
             IToolInteractiveService toolInteractiveService,
@@ -390,7 +390,7 @@ private void SetDeploymentBundleOptionSetting(Recommendation recommendation, str
             switch (optionSettingId)
             {
                 case "DockerExecutionDirectory":
-                    new DockerExecutionDirectoryCommand(_consoleUtilities).OverrideValue(recommendation, settingValue.ToString() ?? "");
+                    new DockerExecutionDirectoryCommand(_consoleUtilities, _directoryManager).OverrideValue(recommendation, settingValue.ToString() ?? "");
                     break;
                 case "DockerBuildArgs":
                     new DockerBuildArgsCommand(_consoleUtilities).OverrideValue(recommendation, settingValue.ToString() ?? "");
@@ -571,7 +571,7 @@ private async Task CreateDeploymentBundle(Orchestrator orchestrator, Recommendat
                             selectedRecommendation.DeploymentBundle.DockerExecutionDirectory,
                             allowEmpty: true);
 
-                        if (!Directory.Exists(dockerExecutionDirectory))
+                        if (!_directoryManager.Exists(dockerExecutionDirectory))
                             continue;
 
                         selectedRecommendation.DeploymentBundle.DockerExecutionDirectory = dockerExecutionDirectory;

diff --git a/src/AWS.Deploy.CLI/Commands/ServerModeCommand.cs b/src/AWS.Deploy.CLI/Commands/ServerModeCommand.cs
@@ -104,10 +104,6 @@ private IEncryptionProvider CreateEncryptionProvider()
                         {
                             aes.Key = Convert.FromBase64String(keyInfo.Key);
                         }
-                        if (keyInfo.IV != null)
-                        {
-                            aes.IV = Convert.FromBase64String(keyInfo.IV);
-                        }
 
                         encryptionProvider = new AesEncryptionProvider(aes);
                         break;

diff --git a/src/AWS.Deploy.CLI/Commands/TypeHints/DockerExecutionDirectoryCommand.cs b/src/AWS.Deploy.CLI/Commands/TypeHints/DockerExecutionDirectoryCommand.cs
@@ -4,17 +4,20 @@
 using System.IO;
 using System.Threading.Tasks;
 using AWS.Deploy.Common;
+using AWS.Deploy.Common.IO;
 using AWS.Deploy.Common.Recipes;
 
 namespace AWS.Deploy.CLI.Commands.TypeHints
 {
     public class DockerExecutionDirectoryCommand : ITypeHintCommand
     {
         private readonly IConsoleUtilities _consoleUtilities;
+        private readonly IDirectoryManager _directoryManager;
 
-        public DockerExecutionDirectoryCommand(IConsoleUtilities consoleUtilities)
+        public DockerExecutionDirectoryCommand(IConsoleUtilities consoleUtilities, IDirectoryManager directoryManager)
         {
             _consoleUtilities = consoleUtilities;
+            _directoryManager = directoryManager;
         }
 
         public Task<object> Execute(Recommendation recommendation, OptionSettingItem optionSetting)
@@ -47,7 +50,7 @@ public void OverrideValue(Recommendation recommendation, string executionDirecto
 
         private string ValidateExecutionDirectory(string executionDirectory)
         {
-            if (!string.IsNullOrEmpty(executionDirectory) && !Directory.Exists(executionDirectory))
+            if (!string.IsNullOrEmpty(executionDirectory) && !_directoryManager.Exists(executionDirectory))
                 return "The directory specified for Docker execution does not exist.";
             else
                 return "";

diff --git a/src/AWS.Deploy.CLI/Commands/TypeHints/TypeHintCommandFactory.cs b/src/AWS.Deploy.CLI/Commands/TypeHints/TypeHintCommandFactory.cs
@@ -4,6 +4,7 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using AWS.Deploy.Common;
+using AWS.Deploy.Common.IO;
 using AWS.Deploy.Common.Recipes;
 using AWS.Deploy.Orchestration.Data;
 
@@ -29,7 +30,7 @@ public class TypeHintCommandFactory : ITypeHintCommandFactory
     {
         private readonly Dictionary<OptionSettingTypeHint, ITypeHintCommand> _commands;
 
-        public TypeHintCommandFactory(IToolInteractiveService toolInteractiveService, IAWSResourceQueryer awsResourceQueryer, IConsoleUtilities consoleUtilities)
+        public TypeHintCommandFactory(IToolInteractiveService toolInteractiveService, IAWSResourceQueryer awsResourceQueryer, IConsoleUtilities consoleUtilities, IDirectoryManager directoryManager)
         {
             _commands = new Dictionary<OptionSettingTypeHint, ITypeHintCommand>
             {
@@ -42,7 +43,7 @@ public TypeHintCommandFactory(IToolInteractiveService toolInteractiveService, IA
                 { OptionSettingTypeHint.DotnetPublishAdditionalBuildArguments, new DotnetPublishArgsCommand(consoleUtilities) },
                 { OptionSettingTypeHint.DotnetPublishSelfContainedBuild, new DotnetPublishSelfContainedBuildCommand(consoleUtilities) },
                 { OptionSettingTypeHint.DotnetPublishBuildConfiguration, new DotnetPublishBuildConfigurationCommand(consoleUtilities) },
-                { OptionSettingTypeHint.DockerExecutionDirectory, new DockerExecutionDirectoryCommand(consoleUtilities) },
+                { OptionSettingTypeHint.DockerExecutionDirectory, new DockerExecutionDirectoryCommand(consoleUtilities, directoryManager) },
                 { OptionSettingTypeHint.DockerBuildArgs, new DockerBuildArgsCommand(consoleUtilities) },
                 { OptionSettingTypeHint.ECSCluster, new ECSClusterCommand(awsResourceQueryer, consoleUtilities) },
                 { OptionSettingTypeHint.ExistingApplicationLoadBalancer, new ExistingApplicationLoadBalancerCommand(awsResourceQueryer, consoleUtilities) },

diff --git a/src/AWS.Deploy.CLI/ConsoleUtilities.cs b/src/AWS.Deploy.CLI/ConsoleUtilities.cs
@@ -7,6 +7,7 @@
 using System.Linq;
 using System.Text;
 using AWS.Deploy.Common;
+using AWS.Deploy.Common.IO;
 
 namespace AWS.Deploy.CLI
 {
@@ -35,10 +36,12 @@ T AskUserToChoose<T>(IList<T> options, string title, T defaultValue, string? def
     public class ConsoleUtilities : IConsoleUtilities
     {
         private readonly IToolInteractiveService _interactiveService;
+        private readonly IDirectoryManager _directoryManager;
 
-        public ConsoleUtilities(IToolInteractiveService interactiveService)
+        public ConsoleUtilities(IToolInteractiveService interactiveService, IDirectoryManager directoryManager)
         {
             _interactiveService = interactiveService;
+            _directoryManager = directoryManager;
         }
 
         public Recommendation AskToChooseRecommendation(IList<Recommendation> recommendations)
@@ -311,7 +314,7 @@ public string AskForEC2KeyPairSaveDirectory(string projectPath)
             {
                 var keyPairDirectory = _interactiveService.ReadLine();
                 if (keyPairDirectory != null &&
-                    Directory.Exists(keyPairDirectory))
+                    _directoryManager.Exists(keyPairDirectory))
                 {
                     var projectFolder = new FileInfo(projectPath).Directory;
                     var keyPairDirectoryInfo = new DirectoryInfo(keyPairDirectory);

diff --git a/src/AWS.Deploy.CLI/ServerMode/AwsCredentialsAuthenticationHandler.cs b/src/AWS.Deploy.CLI/ServerMode/AwsCredentialsAuthenticationHandler.cs
@@ -82,9 +82,18 @@ protected override Task<AuthenticateResult> HandleAuthenticateAsync()
         public static AuthenticateResult ProcessAuthorizationHeader(string authorizationHeaderValue, IEncryptionProvider encryptionProvider)
         {
             var tokens = authorizationHeaderValue.Split(' ');
-            if (tokens.Length != 2)
+            if (tokens.Length != 2 && tokens.Length != 3)
             {
-                return AuthenticateResult.Fail($"Incorrect format Authorization header. Format should be \"{SchemaName} <base-64-auth-parameters>\"");
+                var ivPlaceholder = "";
+                if (encryptionProvider is AesEncryptionProvider)
+                {
+                    ivPlaceholder = "<iv> ";
+                }
+                return AuthenticateResult.Fail($"Incorrect format Authorization header. Format should be \"{SchemaName} {ivPlaceholder}<base-64-auth-parameters>\"");
+            }
+            if (tokens.Length == 2 && encryptionProvider is AesEncryptionProvider)
+            {
+                return AuthenticateResult.Fail($"Incorrect format Authorization header. Format should be \"{SchemaName} <iv> <base-64-auth-parameters>\"");
             }
             if (!string.Equals(SchemaName, tokens[0]))
             {
@@ -93,9 +102,20 @@ public static AuthenticateResult ProcessAuthorizationHeader(string authorization
 
             try
             {
-                var base64Bytes = Convert.FromBase64String(tokens[1]);
+                byte[]? base64IV;
+                byte[] base64Bytes;
+                if (tokens.Length == 2)
+                {
+                    base64IV = null;
+                    base64Bytes = Convert.FromBase64String(tokens[1]);
+                }
+                else
+                {
+                    base64IV = Convert.FromBase64String(tokens[1]);
+                    base64Bytes = Convert.FromBase64String(tokens[2]);
+                }
 
-                var decryptedBytes = encryptionProvider.Decrypt(base64Bytes);
+                var decryptedBytes = encryptionProvider.Decrypt(base64Bytes, base64IV);
                 var json = Encoding.UTF8.GetString(decryptedBytes);
 
                 var authParameters = JsonConvert.DeserializeObject<Dictionary<string, string>>(json);

diff --git a/src/AWS.Deploy.CLI/ServerMode/Controllers/DeploymentController.cs b/src/AWS.Deploy.CLI/ServerMode/Controllers/DeploymentController.cs
@@ -515,7 +515,9 @@ private Orchestrator CreateOrchestrator(SessionState state, IServiceProvider? se
                                     serviceProvider.GetRequiredService<IAWSResourceQueryer>(),
                                     serviceProvider.GetRequiredService<IDeploymentBundleHandler>(),
                                     serviceProvider.GetRequiredService<ILocalUserSettingsEngine>(),
-                                    new DockerEngine.DockerEngine(session.ProjectDefinition),
+                                    new DockerEngine.DockerEngine(
+                                        session.ProjectDefinition,
+                                        serviceProvider.GetRequiredService<IFileManager>()),
                                     serviceProvider.GetRequiredService<ICustomRecipeLocator>(),
                                     new List<string> { RecipeLocator.FindRecipeDefinitionsPath() },
                                     serviceProvider.GetRequiredService<IDirectoryManager>()

diff --git a/src/AWS.Deploy.CLI/ServerMode/Services/AesEncryptionProvider.cs b/src/AWS.Deploy.CLI/ServerMode/Services/AesEncryptionProvider.cs
@@ -19,9 +19,9 @@ public AesEncryptionProvider(Aes aes)
             _aes = aes;
         }
 
-        public byte[] Decrypt(byte[] encryptedData)
-        {            
-            var decryptor = _aes.CreateDecryptor(_aes.Key, _aes.IV);
+        public byte[] Decrypt(byte[] encryptedData, byte[]? generatedIV)
+        {
+            var decryptor = _aes.CreateDecryptor(_aes.Key, generatedIV);
 
             using var inputStream = new MemoryStream(encryptedData);
             using var decryptStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read);

diff --git a/src/AWS.Deploy.CLI/ServerMode/Services/IEncryptionProvider.cs b/src/AWS.Deploy.CLI/ServerMode/Services/IEncryptionProvider.cs
@@ -10,6 +10,6 @@ namespace AWS.Deploy.CLI.ServerMode.Services
 {
     public interface IEncryptionProvider
     {
-        byte[] Decrypt(byte[] encryptedData);
+        byte[] Decrypt(byte[] encryptedData, byte[]? generatedIV);
     }
 }
diff --git a/src/AWS.Deploy.CLI/ServerMode/Services/NoEncryptionProvider.cs b/src/AWS.Deploy.CLI/ServerMode/Services/NoEncryptionProvider.cs
@@ -10,6 +10,6 @@ namespace AWS.Deploy.CLI.ServerMode.Services
 {
     public class NoEncryptionProvider : IEncryptionProvider
     {
-        public byte[] Decrypt(byte[] encryptedData) => encryptedData;
+        public byte[] Decrypt(byte[] encryptedData, byte[]? generatedIV) => encryptedData;
     }
 }
diff --git a/src/AWS.Deploy.CLI/Utilities/AssumeRoleMfaTokenCodeCallback.cs b/src/AWS.Deploy.CLI/Utilities/AssumeRoleMfaTokenCodeCallback.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Text;
 using Amazon.Runtime;
+using AWS.Deploy.Common.IO;
 
 namespace AWS.Deploy.CLI.Utilities
 {
@@ -15,18 +16,20 @@ internal class AssumeRoleMfaTokenCodeCallback
     {
         private readonly AssumeRoleAWSCredentialsOptions _options;
         private readonly IToolInteractiveService _toolInteractiveService;
+        private readonly IDirectoryManager _directoryManager;
 
-        internal AssumeRoleMfaTokenCodeCallback(IToolInteractiveService toolInteractiveService, AssumeRoleAWSCredentialsOptions options)
+        internal AssumeRoleMfaTokenCodeCallback(IToolInteractiveService toolInteractiveService, IDirectoryManager directoryManager, AssumeRoleAWSCredentialsOptions options)
         {
             _toolInteractiveService = toolInteractiveService;
             _options = options;
+            _directoryManager = directoryManager;
         }
 
         internal string Execute()
         {
             _toolInteractiveService.WriteLine();
             _toolInteractiveService.WriteLine($"Enter MFA code for {_options.MfaSerialNumber}: ");
-            var consoleUtilites = new ConsoleUtilities(_toolInteractiveService);
+            var consoleUtilites = new ConsoleUtilities(_toolInteractiveService, _directoryManager);
             var code = consoleUtilites.ReadSecretFromConsole();
 
             return code;

diff --git a/src/AWS.Deploy.Common/IO/DirectoryManager.cs b/src/AWS.Deploy.Common/IO/DirectoryManager.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using AWS.Deploy.Common.Utilities;
 
 namespace AWS.Deploy.Common.IO
 {
@@ -35,7 +36,7 @@ public class DirectoryManager : IDirectoryManager
 
         public DirectoryInfo GetDirectoryInfo(string path) => new DirectoryInfo(path);
 
-        public bool Exists(string path) => Directory.Exists(path);
+        public bool Exists(string path) => IsDirectoryValid(path);
 
         public string[] GetFiles(string path, string? searchPattern = null, SearchOption searchOption = SearchOption.TopDirectoryOnly)
             => Directory.GetFiles(path, searchPattern ?? "*", searchOption);
@@ -61,5 +62,16 @@ public string[] GetProjFiles(string path)
         {
             return Directory.GetFiles(path).Where(filePath => _projFileExtensions.Contains(Path.GetExtension(filePath).ToLower())).ToArray();
         }
+
+        private bool IsDirectoryValid(string directoryPath)
+        {
+            if (!PathUtilities.IsPathValid(directoryPath))
+                return false;
+
+            if (!Directory.Exists(directoryPath))
+                return false;
+
+            return true;
+        }
     }
 }
diff --git a/src/AWS.Deploy.Common/IO/FileManager.cs b/src/AWS.Deploy.Common/IO/FileManager.cs
@@ -2,8 +2,10 @@
 // SPDX-License-Identifier: Apache-2.0
 
 using System.IO;
+using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using AWS.Deploy.Common.Utilities;
 
 namespace AWS.Deploy.Common.IO
 {
@@ -20,13 +22,24 @@ public interface IFileManager
     /// </summary>
     public class FileManager : IFileManager
     {
-        public bool Exists(string path) => File.Exists(path);
+        public bool Exists(string path) => IsFileValid(path);
 
         public Task<string> ReadAllTextAsync(string path) => File.ReadAllTextAsync(path);
 
         public Task<string[]> ReadAllLinesAsync(string path) => File.ReadAllLinesAsync(path);
 
         public Task WriteAllTextAsync(string filePath, string contents, CancellationToken cancellationToken) =>
             File.WriteAllTextAsync(filePath, contents, cancellationToken);
+
+        private bool IsFileValid(string filePath)
+        {
+            if (!PathUtilities.IsPathValid(filePath))
+                return false;
+
+            if (!File.Exists(filePath))
+                return false;
+
+            return true;
+        }
     }
 }
diff --git a/src/AWS.Deploy.Common/Utilities/PathUtilities.cs b/src/AWS.Deploy.Common/Utilities/PathUtilities.cs
@@ -0,0 +1,30 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+using System.IO;
+using System.Linq;
+
+namespace AWS.Deploy.Common.Utilities
+{
+    public class PathUtilities
+    {
+        public static bool IsPathValid(string path)
+        {
+            path = path.Trim();
+
+            if (string.IsNullOrEmpty(path))
+                return false;
+
+            if (path.StartsWith(@"\\"))
+                return false;
+
+            if (path.Contains("&"))
+                return false;
+
+            if (Path.GetInvalidPathChars().Any(x => path.Contains(x)))
+                return false;
+
+            return true;
+        }
+    }
+}