fix: cloneDirectory validation on git artifcatory spec (#2407)
Signed-off-by: Derek Wang <[email protected]>
whynowy committed Jan 17, 2023
1 parent f60ae2c commit f545dfb
Showing 4 changed files with 34 additions and 19 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Expand Up @@ -176,9 +176,9 @@ jobs:
dist/*.gz
dist/argo-events-checksums.txt
dist/argo-events-checksums.sig
dist/argo-events-cosign.pub
manifests/*.yaml
/tmp/sbom.tar.gz
/tmp/sbom.tar.gz.sig
/dist/argo-events-cosign.pub
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
5 changes: 4 additions & 1 deletion sensors/artifacts/git.go
Expand Up @@ -59,7 +59,10 @@ func NewGitReader(gitArtifact *v1alpha1.GitArtifact) (*GitArtifactReader, error)
}
for _, na := range notAllowedInPath {
if strings.Contains(gitArtifact.FilePath, na) {
return nil, fmt.Errorf("%q is not allowed in the filepath", na)
return nil, fmt.Errorf("%q is not allowed in the filePath", na)
}
if strings.Contains(gitArtifact.CloneDirectory, na) {
return nil, fmt.Errorf("%q is not allowed in the cloneDirectory", na)
}
}

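Review bot: The new `strings.Contains(gitArtifact.CloneDirectory, na)` check is a substring denylist, so it rejects only the sequences listed in `notAllowedInPath` (defined outside this hunk) and does not establish that the directory stays under an intended base. The test added in this commit shows `/abc/../opt` being rejected, but an absolute path containing none of the listed sequences would presumably still be accepted. If clone locations are meant to be confined, a containment check is stronger: normalise the value with `filepath.Clean`, then use `filepath.Rel` against the allowed root and reject a result that starts with `..`. `FilePath` could additionally be rejected when `filepath.IsAbs(gitArtifact.FilePath)` is true. NewGitReader's body starts and ends outside the hunk, so how the two fields are later joined and used is not visible here.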
36 changes: 24 additions & 12 deletions sensors/artifacts/git_test.go
Expand Up @@ -19,7 +19,7 @@ package artifacts
import (
"testing"

"github.com/smartystreets/goconvey/convey"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"

"github.com/argoproj/argo-events/pkg/apis/sensor/v1alpha1"
Expand All @@ -46,35 +46,47 @@ var gar = &GitArtifactReader{
}

func TestNewGitReader(t *testing.T) {
convey.Convey("Given configuration, get new git reader", t, func() {
t.Run("Given configuration, get new git reader", func(t *testing.T) {
reader, err := NewGitReader(&v1alpha1.GitArtifact{})
convey.So(err, convey.ShouldBeNil)
convey.So(reader, convey.ShouldNotBeNil)
assert.NoError(t, err)
assert.NotNil(t, reader)
})

t.Run("bad clone dir", func(t *testing.T) {
_, err := NewGitReader(&v1alpha1.GitArtifact{CloneDirectory: "/abc/../opt"})
assert.Error(t, err)
assert.Contains(t, err.Error(), "not allowed")
})

t.Run("bad file path", func(t *testing.T) {
_, err := NewGitReader(&v1alpha1.GitArtifact{FilePath: "abc/efg/../../../root"})
assert.Error(t, err)
assert.Contains(t, err.Error(), "not allowed")
})
}

func TestGetRemote(t *testing.T) {
convey.Convey("Test git remote", t, func() {
t.Run("Test git remote", func(t *testing.T) {
remote := gar.getRemote()
convey.So(remote, convey.ShouldEqual, DefaultRemote)
assert.Equal(t, DefaultRemote, remote)
})
}

func TestGetBranchOrTag(t *testing.T) {
convey.Convey("Given a git minio, get the branch or tag", t, func() {
t.Run("Given a git minio, get the branch or tag", func(t *testing.T) {
br := gar.getBranchOrTag()
convey.So(br.Branch, convey.ShouldEqual, "refs/heads/master")
assert.Equal(t, "refs/heads/master", br.Branch.String())
gar.artifact.Branch = "br"
br = gar.getBranchOrTag()
convey.So(br.Branch, convey.ShouldNotEqual, "refs/heads/master")
assert.NotEqual(t, "refs/heads/master", br.Branch.String())
gar.artifact.Tag = "t"
tag := gar.getBranchOrTag()
convey.So(tag.Branch, convey.ShouldNotEqual, "refs/heads/master")
assert.NotEqual(t, "refs/heads/master", tag.Branch.String())
})

convey.Convey("Given a git minio with a specific ref, get the ref", t, func() {
t.Run("Given a git minio with a specific ref, get the ref", func(t *testing.T) {
gar.artifact.Ref = "refs/something/weird/or/specific"
br := gar.getBranchOrTag()
convey.So(br.Branch, convey.ShouldEqual, "refs/something/weird/or/specific")
assert.Equal(t, "refs/something/weird/or/specific", br.Branch.String())
})
}
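Review bot: In the new `bad clone dir` and `bad file path` subtests, `assert.Error(t, err)` does not stop the test on failure, so if the validation ever regresses the following `err.Error()` call dereferences a nil error and panics instead of reporting a clean failure; testify's `require.Error(t, err)` would halt the subtest first. Both subtests also assert only the shared substring `not allowed`, so a change that swaps or merges the two messages would go unnoticed. Asserting the field name, e.g. `assert.Contains(t, err.Error(), "cloneDirectory")` and `assert.Contains(t, err.Error(), "filePath")`, ties each case to its own check.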
10 changes: 5 additions & 5 deletions sensors/triggers/kafka/kafka.go
Expand Up @@ -83,13 +83,13 @@ func NewKafkaTrigger(sensor *v1alpha1.Sensor, trigger *v1alpha1.Trigger, kafkaPr

user, err := common.GetSecretFromVolume(kafkatrigger.SASL.UserSecret)
if err != nil {
return nil, fmt.Errorf("Error getting user value from secret, %w", err)
return nil, fmt.Errorf("error getting user value from secret, %w", err)
}
config.Net.SASL.User = user

password, err := common.GetSecretFromVolume(kafkatrigger.SASL.PasswordSecret)
if err != nil {
return nil, fmt.Errorf("Error getting password value from secret, %w", err)
return nil, fmt.Errorf("error getting password value from secret, %w", err)
}
config.Net.SASL.Password = password
}
Expand Down Expand Up @@ -137,7 +137,7 @@ func NewKafkaTrigger(sensor *v1alpha1.Sensor, trigger *v1alpha1.Trigger, kafkaPr

if kafkatrigger.SchemaRegistry != nil {
var err error
schema, err = GetSchemaFromRegistry(kafkatrigger.SchemaRegistry)
schema, err = getSchemaFromRegistry(kafkatrigger.SchemaRegistry)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -263,8 +263,8 @@ func avroParser(schema string, schemaID int, payload []byte) ([]byte, error) {
return recordValue, nil
}

// GetSchemaFromRegistry returns a schema from registry.
func GetSchemaFromRegistry(sr *apicommon.SchemaRegistryConfig) (*srclient.Schema, error) {
// getSchemaFromRegistry returns a schema from registry.
func getSchemaFromRegistry(sr *apicommon.SchemaRegistryConfig) (*srclient.Schema, error) {
schemaRegistryClient := srclient.CreateSchemaRegistryClient(sr.URL)
if sr.Auth.Username != nil && sr.Auth.Password != nil {
user, _ := common.GetSecretFromVolume(sr.Auth.Username)
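Review bot: In `getSchemaFromRegistry`, the context line `user, _ := common.GetSecretFromVolume(sr.Auth.Username)` discards the error from reading the registry username, whereas the SASL secret reads earlier in this file (whose messages this commit lowercases) return it to the caller. If the secret volume is missing or unreadable, the registry client would presumably be configured with an empty credential and fail later with a less useful error. Suggest `user, err := common.GetSecretFromVolume(sr.Auth.Username)` followed by `if err != nil { return nil, fmt.Errorf("error getting schema registry username from secret, %w", err) }`. The function body continues past the end of the hunk, so the password read may need the same treatment.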
