From 7aba43478debb7803a9476089e20c80c5d0e3f01 Mon Sep 17 00:00:00 2001 From: ecrupper Date: Tue, 15 Feb 2022 12:35:52 -0600 Subject: [PATCH 1/2] fix(secrets): reject whitespace value secrets --- api/secret.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/api/secret.go b/api/secret.go index c870a1a7b..c6f71f93a 100644 --- a/api/secret.go +++ b/api/secret.go @@ -81,6 +81,8 @@ import ( // CreateSecret represents the API handler to // create a secret in the configured backend. +// +// nolint: funlen // ignore funlen linter func CreateSecret(c *gin.Context) { // capture middleware values u := user.Retrieve(c) @@ -129,6 +131,16 @@ func CreateSecret(c *gin.Context) { return } + // reject secrets with solely whitespace characters as its value + trimmed := strings.TrimSpace(input.GetValue()) + if len(trimmed) == 0 { + retErr := fmt.Errorf("cannot set secret value to solely whitespace characters") + + util.HandleError(c, http.StatusBadRequest, retErr) + + return + } + // update fields in secret object input.SetOrg(o) input.SetRepo(n) @@ -544,6 +556,8 @@ func GetSecret(c *gin.Context) { // "$ref": "#/definitions/Error" // UpdateSecret updates a secret for the provided secrets service. +// +// nolint: funlen // ignore funlen linter func UpdateSecret(c *gin.Context) { // capture middleware values u := user.Retrieve(c) @@ -595,6 +609,16 @@ func UpdateSecret(c *gin.Context) { return } + // reject secrets with solely whitespace characters as its value + trimmed := strings.TrimSpace(input.GetValue()) + if len(trimmed) == 0 { + retErr := fmt.Errorf("cannot set secret value to solely whitespace characters") + + util.HandleError(c, http.StatusBadRequest, retErr) + + return + } + // update secret fields if provided input.SetName(s) input.SetOrg(o) From 3e01757c0e43d7ea72362d7f5df462ac06f10dd8 Mon Sep 17 00:00:00 2001 
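Review bot: The whitespace check added to CreateSecret is repeated line for line in the UpdateSecret hunk at -595, and both handlers also gain a `nolint: funlen` suppression (hunks at -81 and -544) to make room for it. Moving the check into one small helper keeps the two handlers from drifting apart the next time the rule or its error text changes, and gives back some of the length the linter is complaining about. `fmt.Errorf` is called with a constant string and no verbs; `errors.New` would be the usual form if the file imports `errors`, which is not visible here. The patch touches only api/secret.go, so a handler test that submits a value such as `"  \n"` and expects a 400 would be worth adding. CreateSecret's body starts and ends outside the hunk.

```go
// validateSecretValue (proposed helper) rejects a secret value that is
// empty or made up only of whitespace.
func validateSecretValue(v string) error {
	if len(strings.TrimSpace(v)) == 0 {
		return fmt.Errorf("cannot set secret value to solely whitespace characters")
	}

	return nil
}

// … unchanged: CreateSecret up to the end of the input checks …
	if err := validateSecretValue(input.GetValue()); err != nil {
		util.HandleError(c, http.StatusBadRequest, err)

		return
	}
```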
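Review bot: In UpdateSecret the new check also rejects a request that leaves the value out, assuming `input.GetValue()` returns an empty string for an unset value (the getter is not visible in this hunk). The context line right after the check reads `// update secret fields if provided`, which suggests partial updates are expected, so changing only another field of a secret would now fail with 400 and callers would have to resend the secret value on every edit. Consider rejecting only a value that was supplied and is blank, e.g. `if v := input.GetValue(); len(v) > 0 && len(strings.TrimSpace(v)) == 0 {`. UpdateSecret's body starts and ends outside the hunk.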
From: ecrupper Date: Thu, 17 Feb 2022 11:16:15 -0600 Subject: [PATCH 2/2] edit error message --- api/secret.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/secret.go b/api/secret.go index c6f71f93a..86b2c8181 100644 --- a/api/secret.go +++ b/api/secret.go @@ -134,7 +134,7 @@ func CreateSecret(c *gin.Context) { // reject secrets with solely whitespace characters as its value trimmed := strings.TrimSpace(input.GetValue()) if len(trimmed) == 0 { - retErr := fmt.Errorf("cannot set secret value to solely whitespace characters") + retErr := fmt.Errorf("secret value must contain non-whitespace characters") util.HandleError(c, http.StatusBadRequest, retErr) @@ -612,7 +612,7 @@ func UpdateSecret(c *gin.Context) { // reject secrets with solely whitespace characters as its value trimmed := strings.TrimSpace(input.GetValue()) if len(trimmed) == 0 { - retErr := fmt.Errorf("cannot set secret value to solely whitespace characters") + retErr := fmt.Errorf("secret value must contain non-whitespace characters") util.HandleError(c, http.StatusBadRequest, retErr)