SNOW-728173: Remove new line for verifier the private key end (#566)

Co-authored-by: Dicky Lau <[email protected]>
snowflakedb · Jul 6, 2023 · cf02f0b · cf02f0b
1 parent 72f5f09
commit cf02f0b
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 4 deletions.
diff --git a/lib/util.js b/lib/util.js
@@ -150,11 +150,13 @@ exports.isNumber = function (value)
  *
  * @returns {Boolean}
  */
-exports.isPrivateKey = function (value)
-{
+exports.isPrivateKey = function (value) {
+  const trimmedValue = value.trim();
   // The private key is expected to be decrypted when set in the connection string
-  return (value.startsWith("-----BEGIN PRIVATE KEY-----") &&
-    value.endsWith("\n-----END PRIVATE KEY-----\n"));
+  // secret scanner complains about first check since it looks like private key, but it's only check
+  // pragma: allowlist nextline secret
+  return (trimmedValue.startsWith('-----BEGIN PRIVATE KEY-----') &&
+    trimmedValue.endsWith('\n-----END PRIVATE KEY-----'));
 };
 
 /**

diff --git a/test/unit/util_test.js b/test/unit/util_test.js
@@ -589,4 +589,48 @@ describe('Util', function ()
         err.response, testCase.retry403), testCase.isRetryable)
     }
   });
+
+  describe('isPrivateKey', () => {
+    [
+      // pragma: allowlist nextline secret
+      { name: 'trimmed already key', key: '-----BEGIN PRIVATE KEY-----\ntest\n-----END PRIVATE KEY-----' },
+      {
+        name: 'key with whitespaces at the beginning',
+        // pragma: allowlist nextline secret
+        key: '   -----BEGIN PRIVATE KEY-----\ntest\n-----END PRIVATE KEY-----'
+      },
+      {
+        name: 'key with whitespaces at the end',
+        // pragma: allowlist nextline secret
+        key: '-----BEGIN PRIVATE KEY-----\ntest\n-----END PRIVATE KEY-----\n\n\n'
+      },
+    ].forEach(({ name, key }) => {
+      it(`${name} is valid`, () => {
+        assert.ok(Util.isPrivateKey(key));
+      });
+    });
+
+    [
+      { name: 'key without beginning and end', key: 'test' },
+      { name: 'key with missing beginning', key: 'test\n-----END PRIVATE KEY-----' },
+      {
+        name: 'key with missing ending',
+        // pragma: allowlist nextline secret
+        key: '   -----BEGIN PRIVATE KEY-----\ntest'
+      },
+      {
+        name: 'key with invalid beginning',
+        key: '-----BEGIN PUBLIC KEY-----\ntest\n-----END PRIVATE KEY-----\n\n\n'
+      },
+      {
+        name: 'key with invalid end',
+        // pragma: allowlist nextline secret
+        key: '-----BEGIN PRIVATE KEY-----\ntest\n-----END PUBLIC KEY-----\n\n\n'
+      },
+    ].forEach(({ name, key }) => {
+      it(`${name} is invalid`, () => {
+        assert.ok(!Util.isPrivateKey(key));
+      });
+    });
+  });
 });