Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view #30356

Closed
wants to merge 2 commits into from

Conversation

s12v
Copy link
Contributor

@s12v s12v commented May 27, 2024

Issue

Related to #19065

Reason for this change

Sample app to reproduce:

import {Stack, StackProps} from 'aws-cdk-lib';
import {Construct} from 'constructs';
import {KeySpec, KeyUsage} from "aws-cdk-lib/aws-kms";
import cr = require('aws-cdk-lib/custom-resources');
import kms = require('aws-cdk-lib/aws-kms');

export class SampleStack extends Stack {
    constructor(scope: Construct, id: string, props?: StackProps) {
        super(scope, id, props);

        // Create key
        const kmsKey = new kms.Key(this, 'SampleKey', {
            keySpec: KeySpec.ECC_NIST_P256,
            keyUsage: KeyUsage.SIGN_VERIFY,
        });

        // Export public key
        const publicKeyApiCall = new cr.AwsCustomResource(this, 'PublicKey', {
            onCreate: {
                service: 'KMS',
                action: 'GetPublicKey',
                physicalResourceId: cr.PhysicalResourceId.of('PublicKey'),
                parameters: {
                    KeyId: kmsKey.keyArn,
                },
            },
            policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
                resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
            }),
        });

        const publicKey = publicKeyApiCall.getResponseField('PublicKey');
        this.exportValue(publicKey, {name: 'PublicKey'})
    }
}

Expected result: value of the PublicKey property of the KMS GetPublicKey API response.

Actual result: the entire underlying buffer of the response:

 2024-05-27T22:03:20.837Z	d9886a79-a519-4e21-99a5-5dffc09a2fec	INFO	API response {
    CustomerMasterKeySpec: 'ECC_NIST_P256',
    KeyId: 'arn:aws:kms:us-west-2:...:key/21e7d06f-b638-400b-82f3-613cca94abe1',
    KeySpec: 'ECC_NIST_P256',
    KeyUsage: 'SIGN_VERIFY',
    PublicKey: "0Y0\x13\x06\x07*�H�=\x02\x01\x06\b*�H�=\x03\x01\x07\x03B\x00\x04\b�I�Do�BgnM>l�hl�UF��'��hj�v�l��ɖ���b�\tf�=TC���\x10\n" +
      '[\rCC_�(\x15X1b~8\x00Z\x00\x00\x00a\x00\x00\x00z\x00\x00\x00/\x00\x00\x00/\x00\x00\x00\x10|\bv�U\x00\x00سjw�U\x00\x00\x00\x00\x02~\x01t_s\x00\x00\x00\x00Erro`~\bv�U\x00\x00 �jw�U\x00\x00\x00\x00\x00\x00���\x7F\x00\x00\x00\x00���\x7F\x00\x00\x00\x00\x01ninx�jw�U\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00=\x00on bas8}\bv�U\x00\x00x�jw�U\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00`~\bv�U\x00\x00��jw�U\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�z\bv�U\x00\x00\x03\x00\x00\x00�U\x00\x00�jw�U\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00ȳjw�U\x00\x00@�jw�U\x00\x00��jw�U\x00\x00��jw�U\x00\x00�y\bv�U\x00\x00дjw�U\x00\x00\x00\x00\x00\x00���\x7F�\x03\x04v�U\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00K���\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�ϘV�\x7F\x00\x00\x00\x00\x00\x00�U\x00\x00X\x04\x04v�U\x00\x00X�jw�U\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�ϘV�\x7F\x00\x00\x18�jw�U\x00\x00\x01\x00\x00\x00\x01e\x00\x00fromStri\x02\x00\x00\x00�U\x00\x00�\x05\x04v�U\x00\x00��jw�U\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00�ϘV�\x7F\x00\x00X�jw�U\x00\x00\x00\x00\x00\
...

Which causes CloudFormation to fail with error ❌ SampleStack failed: Error: The stack named SampleStack failed to deploy: UPDATE_ROLLBACK_COMPLETE: Response object is too long.

Root cause: Uint8Array references an ArrayBuffer with offset and length. When using value.buffer, the entire buffer (entire response body) is used, while Uint8Array only references a part of it.

Description of changes

Decode the value instead of the underlying buffer.

Description of how you validated changes

Updated a unit test.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the p2 label May 27, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team May 27, 2024 22:18
@github-actions github-actions bot added the beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK label May 27, 2024
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@s12v s12v changed the title fix: Correctly decode Uint8Array fix: correctly decode Uint8Array May 27, 2024
@s12v s12v force-pushed the fix-decode-uint8array branch from df2352d to 617e82d Compare May 27, 2024 22:22
@TheRealAmazonKendra
Copy link
Contributor

We will definitely need to see the output of updated integ tests to properly assess this one. If you're hesitant to update them all prior to getting feedback (I wouldn't blame you, it's tedious) please get at least one updated and then tag me and I'll do a review.

@TheRealAmazonKendra
Copy link
Contributor

Also, the PR title of a fix should describe the bug, not the solution as it goes in our changelog. It should also contain the link of the issue it is resolving, please link this issue in this PR for tracking: #19065

@s12v s12v force-pushed the fix-decode-uint8array branch from 617e82d to bc790a8 Compare May 30, 2024 09:46
@s12v s12v changed the title fix: correctly decode Uint8Array fix (custom-resources): Uint8Array decoding May 30, 2024
@s12v s12v changed the title fix (custom-resources): Uint8Array decoding fix(custom-resources): Uint8Array decoding May 30, 2024
@s12v s12v changed the title fix(custom-resources): Uint8Array decoding fix(custom-resources): ArrayBufferView decoding May 30, 2024
This was referenced Jun 1, 2024
@aws-cdk-automation
Copy link
Collaborator

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

@s12v s12v changed the title fix(custom-resources): ArrayBufferView decoding fix(custom-resources): ArrayBufferView decodes underlying buffer instead of the view Jun 25, 2024
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 20ee7a8
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

@aws-cdk-automation aws-cdk-automation added the closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. label Jun 26, 2024
@aws-cdk-automation
Copy link
Collaborator

The pull request linter fails with the following errors:

❌ Fixes must contain a change to an integration test file and the resulting snapshot.

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. p2
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants