Fix - check raw secret result before passing allong in environment variable secret provider (#252)

stijnmoreels · web-flow · commit f2eca30cb879 · 2021-02-16T08:12:15.000+01:00
diff --git a/src/Arcus.Security.Core/Providers/EnvironmentVariableSecretProvider.cs b/src/Arcus.Security.Core/Providers/EnvironmentVariableSecretProvider.cs
@@ -42,6 +42,11 @@ public async Task<Secret> GetSecretAsync(string secretName)
             Guard.NotNullOrWhitespace(secretName, nameof(secretName), "Requires a non-blank secret name to look up the environment secret");
             
             string secretValue = await GetRawSecretAsync(secretName);
+            if (secretValue is null)
+            {
+                return null;
+            }
+
             return new Secret(secretValue);
         }
 
diff --git a/src/Arcus.Security.Tests.Unit/Core/EnvironmentVariableSecretProviderTests.cs b/src/Arcus.Security.Tests.Unit/Core/EnvironmentVariableSecretProviderTests.cs
@@ -281,6 +281,19 @@ public void ConfigureSecretStore_WithOptionsWithOutOfBoundsTarget_Throws()
             Assert.ThrowsAny<ArgumentException>(() => builder.Build());
         }
 
+        [Fact]
+        public async Task GetSecret_WithoutSecretResult_ReturnsNull()
+        {
+            // Arrange
+            var provider = new EnvironmentVariableSecretProvider();
+            
+            // Act
+            Secret result = await provider.GetSecretAsync($"random-not-found-secret-{Guid.NewGuid()}");
+            
+            // Assert
+            Assert.Null(result);
+        }
+
         [Theory]
         [InlineData(null)]
         [InlineData("")]
