Skip to content

feat: add secret value and file path validation#24269

Merged
zedkipp merged 1 commit into
mainfrom
zedkipp/plat-80-secret-value-validation
Apr 13, 2026
Merged

feat: add secret value and file path validation#24269
zedkipp merged 1 commit into
mainfrom
zedkipp/plat-80-secret-value-validation

Conversation

@zedkipp
Copy link
Copy Markdown
Contributor

@zedkipp zedkipp commented Apr 10, 2026
edited
Loading

Add UserSecretValueValid() to reject null bytes and values exceeding 32KB. The 32KB limit applies uniformly to both env var and file secrets because the value field is shared and the destination can change after creation.

Harden UserSecretFilePathValid() to also reject null bytes and paths exceeding 4096 bytes.

Wire value validation into both POST and PATCH handlers.

@github-actions github-actions Bot added the community Pull Requests and issues created by the community. label Apr 10, 2026
@zedkipp zedkipp removed the community Pull Requests and issues created by the community. label Apr 10, 2026
@zedkipp zedkipp force-pushed the zedkipp/plat-80-secret-value-validation branch from 3d62ba9 to f78a0e4 Compare April 10, 2026 22:01
@zedkipp zedkipp marked this pull request as ready for review April 10, 2026 22:07
zedkipp
zedkipp commented Apr 10, 2026
View reviewed changes
Comment thread coderd/usersecrets.go
@zedkipp
feat: add secret value and file path validation
0702f46 
Add UserSecretValueValid() to reject null bytes and values exceeding
32KB. The 32KB limit applies uniformly to both env var and file
secrets because the value field is shared and the destination can
change after creation.

Harden UserSecretFilePathValid() to also reject null bytes and paths
exceeding 4096 bytes.

Wire value validation into both postUserSecret and patchUserSecret
handlers.
@zedkipp zedkipp force-pushed the zedkipp/plat-80-secret-value-validation branch from f78a0e4 to 0702f46 Compare April 10, 2026 22:12
dylanhuff-at-coder
dylanhuff-at-coder approved these changes Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dylanhuff-at-coder dylanhuff-at-coder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice work!

@zedkipp zedkipp merged commit 4854f33 into main Apr 13, 2026
29 checks passed
@zedkipp zedkipp deleted the zedkipp/plat-80-secret-value-validation branch April 13, 2026 13:24
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 13, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dylanhuff-at-coder dylanhuff-at-coder dylanhuff-at-coder approved these changes

Assignees

@zedkipp zedkipp

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zedkipp @dylanhuff-at-coder