Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test(ec2): ensure that private key is not written to telemetry #5779

Merged
merged 27 commits into from
Oct 18, 2024
Merged

test(ec2): ensure that private key is not written to telemetry #5779

merged 27 commits into from
Oct 18, 2024

Conversation

Hweinstock
Copy link
Contributor

@Hweinstock Hweinstock commented Oct 11, 2024
edited
Loading

Problem

We want to enforce that the private key generated by the toolkit is not accidentally slipped into a telemetry metric.

Solution

Similar to assertTelemetry, we implement a assertNoTelemetryMatch test utility that scans all metrics to see if a specified keyword is included in its keys or values.

With this utility, it is relatively straightforward to assert that this private key doesn't appear in the telemetry when we generate it and perform other operations with it.

License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

@Hweinstock Hweinstock marked this pull request as ready for review October 11, 2024 22:21
@Hweinstock Hweinstock requested a review from a team as a code owner October 11, 2024 22:21
Hweinstock and others added 4 commits October 14, 2024 10:54
@Hweinstock @justinmk3
support regex
e0cfb3f 
Co-authored-by: Justin M. Keyes <[email protected]>
@Hweinstock @justinmk3
update docstring
147b9a1 
Co-authored-by: Justin M. Keyes <[email protected]>
@Hweinstock @justinmk3
change func signature
287afd5 
Co-authored-by: Justin M. Keyes <[email protected]>
@Hweinstock
support regex in the telemetry matcher
77a5806
@justinmk3
Copy link
Contributor

Windows failure . The c:\Users\RUNNER~1\ path looks suspicious but might be just cosmetic. Note from https://nodejs.org/api/fs.html#fschmodpath-mode-callback :

on Windows only the write permission can be changed, and the distinction among the permissions of group, owner, or others is not implemented.

So if write perms is not important here, as a workaround maybe we can skip that on Windows for now (in sshKeyPair.ts)

  1) Ec2ConnectClient
       sendSshKeysToInstance
         avoids writing the keys to any telemetry metrics:
     Error: ENOENT: no such file or directory, chmod 'c:\Users\RUNNER~1\AppData\Local\Temp\aws-toolkit-vscode\vsctkdc5cd3f6\keys'
      at async chmod (node:internal/fs/promises:1096:10)
      at async FileSystem.chmod (D:\a\aws-toolkit-vscode\aws-toolkit-vscode\packages\core\src\shared\fs\fs.ts:392:13)
      at async Function.generateSshKeyPair (D:\a\aws-toolkit-vscode\aws-toolkit-vscode\packages\core\src\awsService\ec2\sshKeyPair.ts:40:9)
      at async Function.getSshKeyPair (D:\a\aws-toolkit-vscode\aws-toolkit-vscode\packages\core\src\awsService\ec2\sshKeyPair.ts:31:9)
      at async Context.<anonymous> (D:\a\aws-toolkit-vscode\aws-toolkit-vscode\packages\core\src\test\awsService\ec2\model.test.ts:159:26)

@Hweinstock
Copy link
Contributor Author

Based on https://help.ubuntu.com/community/SSH/OpenSSH/Keys it sounds like keys should already have these permissions set correctly. So this chmod is mostly a double-check since the agent will throw an error if the permissions are too open.

I changed the code to throw a more useful error, and only do chmod on non-windows.

@Hweinstock
Copy link
Contributor Author

Seems like there is a more general problem of the key not existing on windows after write. Investigating now.

@Hweinstock Hweinstock merged commit 87831ea into aws:master Oct 18, 2024
24 checks passed
@Hweinstock Hweinstock deleted the notInTelemetry branch October 18, 2024 20:45
tverney pushed a commit to tverney/aws-toolkit-vscode that referenced this pull request Oct 21, 2024
@Hweinstock @justinmk3 @tverney
test(ec2): ensure that private key is not written to telemetry (aws#5779
701792a 
)

## Problem
We want to enforce that the private key generated by the toolkit is not
accidentally slipped into a telemetry metric.

## Solution
Similar to `assertTelemetry`, we implement a `assertNoTelemetryMatch`
test utility that scans all metrics to see if a specified keyword is
included in its keys or values.

With this utility, it is relatively straightforward to assert that this
private key doesn't appear in the telemetry when we generate it and
perform other operations with it.

---

<!--- REMINDER: Ensure that your PR meets the guidelines in
CONTRIBUTING.md -->

License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.

---------

Co-authored-by: Justin M. Keyes <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinmk3 justinmk3 justinmk3 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Hweinstock @justinmk3