From 91b887d749296f3b9a87ad1bb7b7fdf91c115052 Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Mon, 25 Sep 2023 08:56:03 -0600 Subject: [PATCH] Remove gravitational/configure dependency (#32447) This repo hasn't been updated in 7 years and is not up to our current quality or security standards. In addition, we only leveraged a single function from it. Updates #5685 --- go.mod | 1 - go.sum | 2 -- lib/services/role.go | 3 +-- lib/utils/utils.go | 26 ++++++++++++++++++++++++++ 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index f8a3c67ef3e83..b5845008fedf1 100644 --- a/go.mod +++ b/go.mod @@ -93,7 +93,6 @@ require ( github.com/google/uuid v1.3.1 github.com/googleapis/gax-go/v2 v2.12.0 github.com/gorilla/websocket v1.5.0 - github.com/gravitational/configure v0.0.0-20180808141939-c3428bd84c23 github.com/gravitational/form v0.0.0-20151109031454-c4048f792f70 github.com/gravitational/license v0.0.0-20210218173955-6d8fb49b117a github.com/gravitational/oxy v0.0.0-20221029012416-9fbf4c444680 diff --git a/go.sum b/go.sum index a1073ae084219..cb88cb0c81d63 100644 --- a/go.sum +++ b/go.sum @@ -795,8 +795,6 @@ github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoA github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gravitational/configure v0.0.0-20180808141939-c3428bd84c23 h1:havbccuFO5fRj0O67oHXI7doShLig3rSIXfMrd/UnkA= -github.com/gravitational/configure v0.0.0-20180808141939-c3428bd84c23/go.mod h1:XL9nebvlfNVvRzRPWdDcWootcyA0l7THiH/A+W1233g= github.com/gravitational/form v0.0.0-20151109031454-c4048f792f70 h1:To76nCJtM3DI0mdq3nGLzXqTV1wNOJByxv01+u9/BxM= github.com/gravitational/form v0.0.0-20151109031454-c4048f792f70/go.mod h1:88hFR45MpUd23d2vNWE/dYtesU50jKsbz0I9kH7UaBY= github.com/gravitational/go-cassandra-native-protocol v0.0.0-20221005103706-b9e66c056e90 h1:fPNJE2kaWC0Oy2YKxk1tbnqhKl3aTeXVAfjXzphJmI8= diff --git a/lib/services/role.go b/lib/services/role.go index 0cf266441ffb0..4621b66e499b4 100644 --- a/lib/services/role.go +++ b/lib/services/role.go @@ -28,7 +28,6 @@ import ( "github.com/aws/aws-sdk-go/aws/arn" "github.com/google/uuid" - "github.com/gravitational/configure/cstrings" "github.com/gravitational/trace" log "github.com/sirupsen/logrus" "github.com/vulcand/predicate" @@ -371,7 +370,7 @@ func filterInvalidUnixLogins(candidates []string) []string { var output []string for _, candidate := range candidates { - if cstrings.IsValidUnixUser(candidate) { + if utils.IsValidUnixUser(candidate) { // A valid variable was found in the traits, append it to the list of logins. output = append(output, candidate) continue diff --git a/lib/utils/utils.go b/lib/utils/utils.go index 31fa29885ede1..f2d602769ab2a 100644 --- a/lib/utils/utils.go +++ b/lib/utils/utils.go @@ -33,6 +33,7 @@ import ( "strings" "sync" "time" + "unicode" "github.com/google/uuid" "github.com/gravitational/trace" @@ -322,6 +323,31 @@ func IsValidHostname(hostname string) bool { return true } +// IsValidUnixUser checks if a string represents a valid +// UNIX username. +func IsValidUnixUser(u string) bool { + // See http://www.unix.com/man-page/linux/8/useradd: + // + // On Debian, the only constraints are that usernames must neither start with a dash ('-') + // nor contain a colon (':') or a whitespace (space: ' ', end of line: '\n', tabulation: + // '\t', etc.). Note that using a slash ('/') may break the default algorithm for the + // definition of the user's home directory. + + const maxUsernameLen = 32 + if len(u) > maxUsernameLen || len(u) == 0 || u[0] == '-' { + return false + } + if strings.ContainsAny(u, ":/") { + return false + } + for _, r := range u { + if unicode.IsSpace(r) || unicode.IsControl(r) { + return false + } + } + return true +} + // ReadPath reads file contents func ReadPath(path string) ([]byte, error) { if path == "" {