Handle unhandled errors.

Signed-off-by: Felix Fontein <[email protected]>
getsops · Oct 3, 2023 · 38ec3f7 · 38ec3f7
1 parent a27e1bd
commit 38ec3f7
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 0 deletions.
diff --git a/cmd/sops/common/common.go b/cmd/sops/common/common.go
@@ -89,6 +89,9 @@ func DecryptTree(opts DecryptTreeOpts) (dataKey []byte, err error) {
 	}
 	fileMac, err := opts.Cipher.Decrypt(opts.Tree.Metadata.MessageAuthenticationCode, dataKey, opts.Tree.Metadata.LastModified.Format(time.RFC3339))
 	if !opts.IgnoreMac {
+		if err != nil {
+			return nil, NewExitError(fmt.Sprintf("Cannot decrypt MAC: %s", err), codes.MacMismatch)
+		}
 		if fileMac != computedMac {
 			// If the file has an empty MAC, display "no MAC" instead of not displaying anything
 			if fileMac == "" {

diff --git a/cmd/sops/main.go b/cmd/sops/main.go
@@ -1234,6 +1234,11 @@ func extractSetArguments(set string) (path []interface{}, valueToInsert interfac
 	fullPath := strings.TrimRight(pathValuePair[0], " ")
 	jsonValue := pathValuePair[1]
 	valueToInsert, err = jsonValueToTreeInsertableValue(jsonValue)
+	if err != nil {
+		// All errors returned by jsonValueToTreeInsertableValue are created by common.NewExitError(),
+		// so we can simply pass them on
+		return nil, nil, err
+	}
 
 	path, err = parseTreePath(fullPath)
 	if err != nil {

diff --git a/stores/yaml/store.go b/stores/yaml/store.go
@@ -131,6 +131,10 @@ func (store Store) appendYamlNodeToTreeBranch(node *yaml.Node, branch sops.TreeB
 		return nil, fmt.Errorf("YAML documents that are values are not supported")
 	case yaml.AliasNode:
 		branch, err = store.appendYamlNodeToTreeBranch(node.Alias, branch, false)
+		if err != nil {
+			// This should never happen since node.Alias was already successfully decoded before
+			return nil, err
+		}
 	}
 	if !commentsWereHandled {
 		branch = store.appendCommentToMap(node.FootComment, branch)

diff --git a/stores/yaml/store_test.go b/stores/yaml/store_test.go
@@ -48,6 +48,59 @@ var BRANCHES = sops.TreeBranches{
 	},
 }
 
+var ALIASES = []byte(`---
+key1: &foo
+  - foo
+key2: *foo
+key3: &bar
+  foo: bar
+  baz: bam
+key4: *bar
+`)
+
+var ALIASES_BRANCHES = sops.TreeBranches{
+	sops.TreeBranch{
+		sops.TreeItem{
+			Key:   "key1",
+			Value: []interface{}{
+				"foo",
+			},
+		},
+		sops.TreeItem{
+			Key:   "key2",
+			Value: []interface{}{
+				"foo",
+			},
+		},
+		sops.TreeItem{
+			Key:   "key3",
+			Value: sops.TreeBranch{
+				sops.TreeItem{
+					Key:   "foo",
+					Value: "bar",
+				},
+				sops.TreeItem{
+					Key:   "baz",
+					Value: "bam",
+				},
+			},
+		},
+		sops.TreeItem{
+			Key:   "key4",
+			Value: sops.TreeBranch{
+				sops.TreeItem{
+					Key:   "foo",
+					Value: "bar",
+				},
+				sops.TreeItem{
+					Key:   "baz",
+					Value: "bam",
+				},
+			},
+		},
+	},
+}
+
 var COMMENT_1 = []byte(`# test
 a:
     b: null
@@ -170,6 +223,12 @@ func TestLoadPlainFile(t *testing.T) {
 	assert.Equal(t, BRANCHES, branches)
 }
 
+func TestLoadAliasesPlainFile(t *testing.T) {
+	branches, err := (&Store{}).LoadPlainFile(ALIASES)
+	assert.Nil(t, err)
+	assert.Equal(t, ALIASES_BRANCHES, branches)
+}
+
 func TestComment1(t *testing.T) {
 	// First iteration: load and store
 	branches, err := (&Store{}).LoadPlainFile(COMMENT_1)