From 0fa44348f0faea27fcaab4c1117f958276c11944 Mon Sep 17 00:00:00 2001
From: Aimery Methena <159072740+aimethed@users.noreply.github.com>
Date: Wed, 14 Feb 2024 14:26:40 -0500
Subject: [PATCH] Update aws secret pattern matcher (#1755)
---
 .../connector/lambda/security/CachableSecretsManager.java | 4 ++--
 .../lambda/security/CacheableSecretsManagerTest.java | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/athena-federation-sdk/src/main/java/com/amazonaws/athena/connector/lambda/security/CachableSecretsManager.java b/athena-federation-sdk/src/main/java/com/amazonaws/athena/connector/lambda/security/CachableSecretsManager.java
index 3d5003398f..e557210bff 100644
--- a/athena-federation-sdk/src/main/java/com/amazonaws/athena/connector/lambda/security/CachableSecretsManager.java
+++ b/athena-federation-sdk/src/main/java/com/amazonaws/athena/connector/lambda/security/CachableSecretsManager.java
@@ -46,8 +46,8 @@ public class CachableSecretsManager
 private static final long MAX_CACHE_AGE_MS = 60_000;
 protected static final int MAX_CACHE_SIZE = 10;
- private static final String SECRET_PATTERN = "(\\$\\{[a-zA-Z0-9-_\\-]+\\})";
- private static final String SECRET_NAME_PATTERN = "\\$\\{([a-zA-Z0-9-_\\-]+)\\}";
+ private static final String SECRET_PATTERN = "(\\$\\{[a-zA-Z0-9-\\/_\\-\\.\\+=@]+\\})";
+ private static final String SECRET_NAME_PATTERN = "\\$\\{([a-zA-Z0-9-\\/_\\-\\.\\+=@]+)\\}";
 private static final Pattern PATTERN = Pattern.compile(SECRET_PATTERN);
 private static final Pattern NAME_PATTERN = Pattern.compile(SECRET_NAME_PATTERN);
diff --git a/athena-federation-sdk/src/test/java/com/amazonaws/athena/connector/lambda/security/CacheableSecretsManagerTest.java b/athena-federation-sdk/src/test/java/com/amazonaws/athena/connector/lambda/security/CacheableSecretsManagerTest.java
index 4fdd5f531e..181945f55f 100644
--- a/athena-federation-sdk/src/test/java/com/amazonaws/athena/connector/lambda/security/CacheableSecretsManagerTest.java
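Review bot: The allowed-character class is now written out twice, once in `SECRET_PATTERN` and once in `SECRET_NAME_PATTERN`, with a doubled `-` and escapes a character class does not need, so the two copies can drift apart and a placeholder that `PATTERN` matches could then fail name extraction. Defining the class once, e.g. `private static final String SECRET_NAME_CHARS = "[a-zA-Z0-9/_+=.@-]+";`, and building both pattern strings from it keeps them in step. A comment above it should state that the set mirrors the characters Secrets Manager permits in secret names and that any `${...}` made only of these characters in an input string is treated as a secret reference. Because `/` now lets a placeholder name path-style secrets, it is worth confirming that the function role's `secretsmanager:GetSecretValue` permission is scoped to the intended secrets; the lookup code is outside this hunk, so that is an assumption to verify.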
+++ b/athena-federation-sdk/src/test/java/com/amazonaws/athena/connector/lambda/security/CacheableSecretsManagerTest.java
@@ -124,6 +124,10 @@ public void resolveSecrets()
 String commonErrorsExpected = "ThisIsM}yStringWi${thTwoSecretS{uperSecretSecrets";
 assertEquals(commonErrorsExpected, cachableSecretsManager.resolveSecrets(commonErrors));
+ String secretAllowedSpecialChars = "ThisIs${/My}StringW${ith_}All${Of+The}${@llowed=}${Special-Characters.}";
+ String secretAllowedSpecialCharsExpected = "ThisIs/MyStringWith_AllOf+The@llowed=Special-Characters.";
+ assertEquals(secretAllowedSpecialCharsExpected, cachableSecretsManager.resolveSecrets(secretAllowedSpecialChars));
+
 String unknownSecret = "This${Unknown}";
 try {
 cachableSecretsManager.resolveSecrets(unknownSecret);
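Review bot: The added case in `resolveSecrets()` only checks that the newly allowed characters are accepted; nothing pins the edge of the set, so a later widening of the character class would pass unnoticed. A negative assertion beside it would cover that, for example (constructed sample) `assertEquals("Keep${not:allowed}", cachableSecretsManager.resolveSecrets("Keep${not:allowed}"));`, assuming a non-matching placeholder is returned unchanged as the `commonErrors` case suggests. Each special character is also tested in its own placeholder, so one name that combines several of them would be closer to real use, provided the mock resolves it (its setup is not visible here). The test method begins and ends outside the hunk.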