DetectKMSEncryptionContextBug returns true if the encryption context bug is detected in a given runtime sops.Tree object
(tree *sops.Tree)
// DetectKMSEncryptionContextBug reports whether the given in-memory sops.Tree
// is affected by the KMS encryption context bug.
//
// It returns true only when both conditions hold: the comparison of
// KMS_ENC_CTX_BUG_FIXED_VERSION against tree.Metadata.Version says the fixed
// version is the newer one (judging by the helper's name, i.e. the tree was
// written by a pre-fix release), and GetKMSKeyWithEncryptionCtx returns a
// non-nil KMS master key.
//
// A version-comparison failure is returned unchanged together with false, so
// callers must check the error before treating false as "not affected".
// tree must be non-nil; its Metadata is dereferenced unconditionally.
//
// NOTE(review): the result depends on the version string carried in the
// tree's metadata. Confirm whether that field is integrity-protected before
// relying on this check as a gate, since a misreported newer version would
// skip the key inspection entirely.
func DetectKMSEncryptionContextBug(tree *sops.Tree) (bool, error) {
	fixedIsNewer, err := version.AIsNewerThanB(KMS_ENC_CTX_BUG_FIXED_VERSION, tree.Metadata.Version)
	if err != nil {
		return false, err
	}

	// Trees written at or after the fixed version are never inspected.
	if !fixedIsNewer {
		return false, nil
	}

	// Only the key matters here; its position in the key groups is ignored.
	_, _, affected := GetKMSKeyWithEncryptionCtx(tree)
	return affected != nil, nil
}
| 218 | |
| 219 | // GetKMSKeyWithEncryptionCtx returns the first KMS key affected by the encryption context bug as well as its location in the key groups. |
| 220 | func GetKMSKeyWithEncryptionCtx(tree *sops.Tree) (keyGroupIndex int, keyIndex int, key *kms.MasterKey) { |