Merge pull request #57 from envato/dont-decode-policy

Patrick Robinson · web-flow · commit d00e90f674b9 · 2019-03-21T12:04:08.000+11:00
Dont decode S3 Bucket policies
diff --git a/iamy/aws.go b/iamy/aws.go
@@ -92,7 +92,7 @@ func (a *AwsFetcher) fetchS3Data() error {
 			continue
 		}
 
-		policyDoc, err := NewPolicyDocumentFromEncodedJson(b.policyJson)
+		policyDoc, err := NewPolicyDocumentFromJson(b.policyJson)
 		if err != nil {
 			return errors.Wrap(err, "Error creating Policy document")
 		}
diff --git a/iamy/policy.go b/iamy/policy.go
@@ -8,18 +8,23 @@ import (
 	"sort"
 )
 
-func NewPolicyDocumentFromEncodedJson(encoded string) (*PolicyDocument, error) {
-	jsonString, err := url.QueryUnescape(encoded)
-	if err != nil {
+func NewPolicyDocumentFromJson(jsonString string) (*PolicyDocument, error) {
+	var doc PolicyDocument
+	if err := json.Unmarshal([]byte(jsonString), &doc); err != nil {
+		log.Printf("Error unmarshalling JSON %s %s", err, jsonString)
 		return nil, err
 	}
 
-	var doc PolicyDocument
-	if err = json.Unmarshal([]byte(jsonString), &doc); err != nil {
+	return &doc, nil
+}
+
+func NewPolicyDocumentFromEncodedJson(encoded string) (*PolicyDocument, error) {
+	jsonString, err := url.QueryUnescape(encoded)
+	if err != nil {
 		return nil, err
 	}
 
-	return &doc, nil
+	return NewPolicyDocumentFromJson(jsonString)
 }
 
 // PolicyDocument represents an AWS policy document.
diff --git a/iamy/policy_test.go b/iamy/policy_test.go
@@ -126,3 +126,10 @@ Actual:  %#v`, nt.description, nt.input, nt.expected, result)
 		}
 	}
 }
+
+func TestNewPolicyDocumentFromJson(t *testing.T) {
+	_, err := NewPolicyDocumentFromJson(`{"Version":"2012-10-17","Id":"AllowPublicRead","Statement":[{"Sid":"PublicReadBucketObjects","Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example.com/*","Condition":{"StringEquals":{"aws:Referer":"%zz"}}}]}`)
+	if err != nil {
+		t.Errorf("Error decoding policy %s", err)
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ func (a *AwsFetcher) fetchS3Data() error {`
`92`	`92`	`continue`
`93`	`93`	`}`
`94`	`94`
`95`		`- policyDoc, err := NewPolicyDocumentFromEncodedJson(b.policyJson)`
	`95`	`+ policyDoc, err := NewPolicyDocumentFromJson(b.policyJson)`
`96`	`96`	`if err != nil {`
`97`	`97`	`return errors.Wrap(err, "Error creating Policy document")`
`98`	`98`	`}`
Original file line number	Diff line number	Diff line change
@@ -126,3 +126,10 @@ Actual: %#v`, nt.description, nt.input, nt.expected, result)
`126`	`126`	`}`
`127`	`127`	`}`
`128`	`128`	`}`
	`129`	`+`
	`130`	`+func TestNewPolicyDocumentFromJson(t *testing.T) {`
	`131`	+ _, err := NewPolicyDocumentFromJson(`{"Version":"2012-10-17","Id":"AllowPublicRead","Statement":[{"Sid":"PublicReadBucketObjects","Effect":"Allow","Principal":"","Action":"s3:GetObject","Resource":"arn:aws:s3:::example.com/","Condition":{"StringEquals":{"aws:Referer":"%zz"}}}]}`)
	`132`	`+ if err != nil {`
	`133`	`+ t.Errorf("Error decoding policy %s", err)`
	`134`	`+ }`
	`135`	`+}`