diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/testing/RemoteStorageHelper.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/testing/RemoteStorageHelper.java index da4d96a119..606ed1226d 100644 --- a/google-cloud-storage/src/main/java/com/google/cloud/storage/testing/RemoteStorageHelper.java +++ b/google-cloud-storage/src/main/java/com/google/cloud/storage/testing/RemoteStorageHelper.java @@ -16,6 +16,7 @@ package com.google.cloud.storage.testing; +import com.google.api.core.ObsoleteApi; import com.google.api.gax.paging.Page; import com.google.api.gax.retrying.RetrySettings; import com.google.auth.oauth2.GoogleCredentials; @@ -186,7 +187,27 @@ public static String generateBucketName() { } /** - * Creates a {@code RemoteStorageHelper} object for the given project id and JSON key input + * This method is obsolete because of a potential security risk. Use the {@link #create(String, + * GoogleCredentials)} method instead. + * + *
If you know that you will be loading credential configurations of a specific type, it is + * recommended to use a credential-type-specific `fromStream()` method. This will ensure that an + * unexpected credential type with potential for malicious intent is not loaded unintentionally. + * You might still have to do validation for certain credential types. Please follow the + * recommendation for that method. + * + *
If you are loading your credential configuration from an untrusted source and have not + * mitigated the risks (e.g. by validating the configuration yourself), make these changes as soon + * as possible to prevent security risks to your environment. + * + *
Regardless of the method used, it is always your responsibility to validate configurations + * received from external sources. + * + *
See the {@see documentation} + * for more details. + * + *
Creates a {@code RemoteStorageHelper} object for the given project id and JSON key input * stream. * * @param projectId id of the project to be used for running the tests @@ -195,21 +216,12 @@ public static String generateBucketName() { * @throws com.google.cloud.storage.testing.RemoteStorageHelper.StorageHelperException if {@code * keyStream} is not a valid JSON key stream */ + @ObsoleteApi( + "This method is obsolete because of a potential security risk. Use the create() variant with Credential parameter instead") public static RemoteStorageHelper create(String projectId, InputStream keyStream) throws StorageHelperException { try { - HttpTransportOptions transportOptions = - HttpStorageOptions.defaults().getDefaultTransportOptions(); - transportOptions = - transportOptions.toBuilder().setConnectTimeout(60000).setReadTimeout(60000).build(); - StorageOptions storageOptions = - StorageOptions.http() - .setCredentials(GoogleCredentials.fromStream(keyStream)) - .setProjectId(projectId) - .setRetrySettings(retrySettings()) - .setTransportOptions(transportOptions) - .build(); - return new RemoteStorageHelper(storageOptions); + return create(projectId, GoogleCredentials.fromStream(keyStream)); } catch (IOException ex) { if (log.isLoggable(Level.WARNING)) { log.log(Level.WARNING, ex.getMessage()); 
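Review bot: The new Javadoc on `create(String, InputStream)` uses `{@see documentation}`, which is not an inline Javadoc tag and will be reported as unknown and not rendered as a link. The link target also appears to be missing in this rendering of the hunk. Write the sentence with a plain anchor, `See the <a href="DOCUMENTATION_URL">documentation</a> for more details.`, where `DOCUMENTATION_URL` is a placeholder for the real address. The Markdown-style backticks around `fromStream()` will print literally and should be `{@code fromStream()}`. Because the obsolescence notice now comes before "Creates a {@code RemoteStorageHelper} …", the method-summary table will show only the warning, so consider moving the notice into a `@deprecated`-style paragraph after the summary sentence.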
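Review bot: The `@ObsoleteApi` message tells callers to use "the create() variant with Credential parameter" but not how to build that credential safely, so the simplest migration is to call `GoogleCredentials.fromStream` themselves and keep the same exposure. The retained overload also still passes `keyStream` to `GoogleCredentials.fromStream` unchanged, so it accepts whatever credential type the stream declares. Name the exact overload and the safer loader in the message, for example `"Accepts any credential type from the stream; use create(String, GoogleCredentials) with credentials from a type-specific loader such as ServiceAccountCredentials.fromStream"`. The `catch (IOException ex)` block of this method continues outside the hunk.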
@@ -218,6 +230,28 @@ public static RemoteStorageHelper create(String projectId, InputStream keyStream } } + /** + * Creates a {@code RemoteStorageHelper} object for the given project id and Credential. + * + * @param projectId id of the project to be used for running the tests + * @param credentials GoogleCredential to set to StorageOptions + * @return A {@code RemoteStorageHelper} object for the provided options + */ + public static RemoteStorageHelper create(String projectId, GoogleCredentials credentials) { + HttpTransportOptions transportOptions = + HttpStorageOptions.defaults().getDefaultTransportOptions(); + transportOptions = + transportOptions.toBuilder().setConnectTimeout(60000).setReadTimeout(60000).build(); + StorageOptions storageOptions = + StorageOptions.http() + .setCredentials(credentials) + .setProjectId(projectId) + .setRetrySettings(retrySettings()) + .setTransportOptions(transportOptions) + .build(); + return new RemoteStorageHelper(storageOptions); + } + /** * Creates a {@code RemoteStorageHelper} object using default project id and authentication * credentials.
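Review bot: The Javadoc on the new `create(String, GoogleCredentials)` says nothing about where `credentials` should come from, so the validation guidance sits only on the obsolete overload that callers are being moved away from. Add a paragraph such as `<p>The caller is responsible for validating the source of {@code credentials}; prefer a credential-type-specific loader when the configuration is supplied externally.` The `@param credentials GoogleCredential to set to StorageOptions` line misspells the type and would read better as `{@link GoogleCredentials} used to authenticate the test client`. A null `credentials` goes straight to `setCredentials`, and whether that fails fast is not visible here. An explicit `Objects.requireNonNull(credentials, "credentials");` at the top would pin the contract, provided `java.util.Objects` is imported.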