Merge pull request #384 from psmf22/develop

fix: fixed error on deletion of expired sessions, fixes #356
fortify · Aug 1, 2023 · dc50171 · dc50171
2 parents fe46219 + 5c99af4
commit dc50171
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 7 deletions.
diff --git a/...on/src/main/java/com/fortify/cli/common/session/cli/cmd/AbstractSessionLogoutCommand.java b/...on/src/main/java/com/fortify/cli/common/session/cli/cmd/AbstractSessionLogoutCommand.java
@@ -30,9 +30,13 @@ public JsonNode getJsonNode() {
         var sessionHelper = getSessionHelper();
         if ( sessionHelper.exists(sessionName) ) {
         	result = sessionHelper.sessionSummaryAsObjectNode(sessionName);
-            logout(sessionName, sessionHelper.get(sessionName, true));
-            // TODO Optionally delete all variables
-            getSessionHelper().destroy(sessionName);
+            try {
+                logout(sessionName, sessionHelper.get(sessionName, false));
+            } catch (Exception e){
+                throw e;
+            } finally {
+                getSessionHelper().destroy(sessionName);
+            }
         }
         return result;
     }
@@ -46,6 +50,10 @@ public String getActionCommandResult() {
     public boolean isSingular() {
     	return false;
     }
-
+
+    /*******************************************************************************
+    * This method will always be invoked on existing sessions, independent of whether the session has expired
+    * This is to ensure cleanup of the local session directory and tokens stored in ssc (if the token has already been cleaned up by ssc this should not result in an error)
+    *******************************************************************************/
     protected abstract void logout(String sessionName, D sessionDescriptor);
 }
diff --git a/fcli-core/fcli-ssc/src/main/java/com/fortify/cli/ssc/token/helper/SSCTokenConverter.java b/fcli-core/fcli-ssc/src/main/java/com/fortify/cli/ssc/token/helper/SSCTokenConverter.java
@@ -13,10 +13,13 @@
 package com.fortify.cli.ssc.token.helper;
 
 import java.nio.charset.StandardCharsets;
+import java.util.regex.Pattern;
 
 import org.apache.commons.codec.binary.Base64;
 
+
 public final class SSCTokenConverter {
+    private static Pattern applicationTokenPattern = Pattern.compile("^[\\da-f]{8}(?:-[\\da-f]{4}){3}-[\\da-f]{12}$");
     private SSCTokenConverter() {}
 
     public static final String toApplicationToken(String token) {
@@ -28,19 +31,31 @@ public static final char[] toApplicationToken(char[] token) {
     }
 
     public static final String toRestToken(String token) {
-        return isApplicationToken(token) ? encode(token) : token; 
+        return isApplicationToken(token) ? encode(token) : validateRestTokenFormat(token); 
     }
 
     public static final char[] toRestToken(char[] token) {
         return toRestToken(new String(token)).toCharArray();
     }
 
     public static final boolean isApplicationToken(String token) {
-        return token.matches("^[\\da-f]{8}(?:-[\\da-f]{4}){3}-[\\da-f]{12}$");
+        return applicationTokenPattern.matcher(token).matches();
     }
 
     private static final String decode(String token) {
-        return new String(Base64.decodeBase64(token), StandardCharsets.UTF_8);
+        return validateApplicationTokenFormat(new String(Base64.decodeBase64(token), StandardCharsets.UTF_8));
+    }
+
+    private static final String validateApplicationTokenFormat(String token) {
+        if(!isApplicationToken(token)) {
+            throw new IllegalArgumentException("The provided token could not be decoded to a valid application token format");
+        }
+        return token;
+    }
+
+    private static final String validateRestTokenFormat(String token) {
+        decode(token);
+        return token;
     }
 
     private static final String encode(String token) {