Merge pull request #57 from envato/dont-decode-policy

Dont decode S3 Bucket policies

iamy/aws.go

@@ -92,7 +92,7 @@ func (a *AwsFetcher) fetchS3Data() error {
 			continue
 		}
 
-		policyDoc, err := NewPolicyDocumentFromEncodedJson(b.policyJson)
+		policyDoc, err := NewPolicyDocumentFromJson(b.policyJson)
 		if err != nil {
 			return errors.Wrap(err, "Error creating Policy document")
 		}

iamy/policy.go

@@ -8,18 +8,23 @@ import (
 	"sort"
 )
 
-func NewPolicyDocumentFromEncodedJson(encoded string) (*PolicyDocument, error) {
-	jsonString, err := url.QueryUnescape(encoded)
-	if err != nil {
+func NewPolicyDocumentFromJson(jsonString string) (*PolicyDocument, error) {
+	var doc PolicyDocument
+	if err := json.Unmarshal([]byte(jsonString), &doc); err != nil {
+		log.Printf("Error unmarshalling JSON %s %s", err, jsonString)
 		return nil, err
 	}
 
-	var doc PolicyDocument
-	if err = json.Unmarshal([]byte(jsonString), &doc); err != nil {
+	return &doc, nil
+}
+
+func NewPolicyDocumentFromEncodedJson(encoded string) (*PolicyDocument, error) {
+	jsonString, err := url.QueryUnescape(encoded)
+	if err != nil {
 		return nil, err
 	}
 
-	return &doc, nil
+	return NewPolicyDocumentFromJson(jsonString)
 }
 
 // PolicyDocument represents an AWS policy document.

iamy/policy_test.go

@@ -126,3 +126,10 @@ Actual:  %#v`, nt.description, nt.input, nt.expected, result)
 		}
 	}
 }
+
+func TestNewPolicyDocumentFromJson(t *testing.T) {
+	_, err := NewPolicyDocumentFromJson(`{"Version":"2012-10-17","Id":"AllowPublicRead","Statement":[{"Sid":"PublicReadBucketObjects","Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example.com/*","Condition":{"StringEquals":{"aws:Referer":"%zz"}}}]}`)
+	if err != nil {
+		t.Errorf("Error decoding policy %s", err)
+	}
+}