From 2811101dea1e2f1b27c51a1b61615efda85217b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cat=E2=84=A2?= <me@hackerc.at>
Date: Tue, 12 Jan 2021 17:54:53 +0000
Subject: [PATCH] Make all secrets case insensitive by formatting them to
 uppercase (#470)

* Uppercase secrets, print error when secret with same name already exists

* Test lower-to-upper case formatting for secrets
---
 cmd/secrets.go                | 4 ++++
 pkg/runner/expression.go      | 3 +++
 pkg/runner/expression_test.go | 8 ++++++++
 3 files changed, 15 insertions(+)

diff --git a/cmd/secrets.go b/cmd/secrets.go
index 86ce175..112861f 100644
--- a/cmd/secrets.go
+++ b/cmd/secrets.go
@@ -15,6 +15,10 @@ func newSecrets(secretList []string) secrets {
 	s := make(map[string]string)
 	for _, secretPair := range secretList {
 		secretPairParts := strings.SplitN(secretPair, "=", 2)
+		secretPairParts[0] = strings.ToUpper(secretPairParts[0])
+		if strings.ToUpper(s[secretPairParts[0]]) == secretPairParts[0] {
+			log.Fatalf("Secret %s is already defined (secrets are case insensitive)", secretPairParts[0])
+		}
 		if len(secretPairParts) == 2 {
 			s[secretPairParts[0]] = secretPairParts[1]
 		} else if env, ok := os.LookupEnv(secretPairParts[0]); ok && env != "" {
diff --git a/pkg/runner/expression.go b/pkg/runner/expression.go
index 77e161b..0f45ada 100644
--- a/pkg/runner/expression.go
+++ b/pkg/runner/expression.go
@@ -61,6 +61,9 @@ type expressionEvaluator struct {
 }
 
 func (ee *expressionEvaluator) Evaluate(in string) (string, bool, error) {
+	if strings.HasPrefix(in, `secrets.`){
+		in = `secrets.`+strings.ToUpper(strings.SplitN(in, `.`, 2)[1])
+	}
 	re := ee.Rewrite(in)
 	if re != in {
 		log.Debugf("Evaluating '%s' instead of '%s'", re, in)
diff --git a/pkg/runner/expression_test.go b/pkg/runner/expression_test.go
index 607d7e9..a00b88d 100644
--- a/pkg/runner/expression_test.go
+++ b/pkg/runner/expression_test.go
@@ -14,6 +14,9 @@ func TestEvaluate(t *testing.T) {
 	rc := &RunContext{
 		Config: &Config{
 			Workdir: ".",
+			Secrets: map[string]string{
+				"LOWER_CASE_SECRET": "value",
+			},
 		},
 		Env: map[string]string{
 			"key": "value",
@@ -102,6 +105,7 @@ func TestEvaluate(t *testing.T) {
 		{"matrix.os", "Linux", ""},
 		{"matrix.foo", "bar", ""},
 		{"env.key", "value", ""},
+		{"secrets.lower_case_secret", "value", ""},
 	}
 
 	for _, table := range tables {
@@ -124,6 +128,9 @@ func TestInterpolate(t *testing.T) {
 	rc := &RunContext{
 		Config: &Config{
 			Workdir: ".",
+			Secrets: map[string]string{
+				"LOWER_CASE_SECRET": "value",
+			},
 		},
 		Env: map[string]string{
 			"KEYWITHNOTHING":       "valuewithnothing",
@@ -151,6 +158,7 @@ func TestInterpolate(t *testing.T) {
 		{" ${{ env.KEYWITHNOTHING }} ", " valuewithnothing "},
 		{" ${{ env.KEY-WITH-HYPHENS }} ", " value-with-hyphens "},
 		{" ${{ env.KEY_WITH_UNDERSCORES }} ", " value_with_underscores "},
+		{" ${{ secrets.lower_case_secret }} ", " value "},
 		{"${{ env.UNKNOWN }}", ""},
 		{"${{ env.SOMETHING_TRUE }}", "true"},
 		{"${{ env.SOMETHING_FALSE }}", "false"},