fixes #2075 - STS should raise on too long policy for federation token

2019-07-20 08:25:46 +02:00 · 2019-07-20 08:25:46 +02:00 · 67c8ea0352
commit 67c8ea0352
parent 5c34c06d07
3 changed files with 60 additions and 1 deletions
--- a/moto/sts/exceptions.py
+++ b/moto/sts/exceptions.py
@ -0,0 +1,15 @@
+from __future__ import unicode_literals
+from moto.core.exceptions import RESTError
+
+
+class STSClientError(RESTError):
+    code = 400
+
+
+class STSValidationError(STSClientError):
+
+    def __init__(self, *args, **kwargs):
+        super(STSValidationError, self).__init__(
+            "ValidationError",
+            *args, **kwargs
+        )
--- a/moto/sts/responses.py
+++ b/moto/sts/responses.py
@ -1,8 +1,11 @@
 from __future__ import unicode_literals

 from moto.core.responses import BaseResponse
+from .exceptions import STSValidationError
 from .models import sts_backend

+MAX_FEDERATION_TOKEN_POLICY_LENGTH = 2048
+

 class TokenResponse(BaseResponse):

@ -15,6 +18,15 @@ class TokenResponse(BaseResponse):
    def get_federation_token(self):
        duration = int(self.querystring.get('DurationSeconds', [43200])[0])
        policy = self.querystring.get('Policy', [None])[0]
+
+        if policy is not None and len(policy) > MAX_FEDERATION_TOKEN_POLICY_LENGTH:
+            raise STSValidationError(
+                "1 validation error detected: Value "
+                "'{\"Version\": \"2012-10-17\", \"Statement\": [...]}' "
+                "at 'policy' failed to satisfy constraint: Member must have length less than or "
+                " equal to %s" % MAX_FEDERATION_TOKEN_POLICY_LENGTH
+            )
+
        name = self.querystring.get('Name')[0]
        token = sts_backend.get_federation_token(
            duration=duration, name=name, policy=policy)