This repository has been archived by the owner on Dec 21, 2023. It is now read-only.

fix(webhook-service): Disallow @ file uploads inside data block #7158

Merged
merged 5 commits into from
Mar 15, 2022


warber
Contributor

@warber warber commented Mar 15, 2022

This PR contains additional checks for disallowing the usage of @ inside the --data argument of curl.

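The kind of check the PR description refers to, as an added example that is not the code from this PR or from the project: curl treats a `--data` value that begins with `@` as a file name and sends that file's contents. `ValidateCurlArgs` and `readsFile` are hypothetical names, and the argv is assumed to be already tokenized with options written in the full forms listed (combined short flags are not handled).

```go
package main

import (
	"fmt"
	"strings"
)

// dataFlags: curl options whose value names a file when it starts with "@".
// --data-raw is absent on purpose: curl sends its "@" literally.
var dataFlags = map[string]bool{
	"-d": true, "--data": true, "--data-ascii": true, "--data-binary": true,
}

// readsFile reports whether curl would load the value of flag from a local file.
func readsFile(flag, value string) bool {
	if flag == "--data-urlencode" {
		// "@file" and "name@file" read a file; "name=content" does not.
		// Rejecting any "@" before the first "=" is deliberately conservative.
		at, eq := strings.Index(value, "@"), strings.Index(value, "=")
		return at >= 0 && (eq < 0 || at < eq)
	}
	return dataFlags[flag] && strings.HasPrefix(value, "@")
}

// ValidateCurlArgs (hypothetical helper) rejects a tokenized curl argv in
// which a data option would upload the contents of a local file.
func ValidateCurlArgs(args []string) error {
	for i := 0; i < len(args); i++ {
		a := args[i]
		if strings.HasPrefix(a, "-d") && len(a) > 2 {
			// Short option with attached value, e.g. "-d@file".
			if readsFile("-d", a[2:]) {
				return fmt.Errorf("file upload via %q is not allowed", a)
			}
			continue
		}
		if (dataFlags[a] || a == "--data-urlencode") && i+1 < len(args) {
			if readsFile(a, args[i+1]) {
				return fmt.Errorf("file upload via %s %q is not allowed", a, args[i+1])
			}
			i++ // the value is consumed here so it is never parsed as an option
		}
	}
	return nil
}

func main() {
	// Constructed sample argv.
	fmt.Println(ValidateCurlArgs([]string{"curl", "--data", "@config.yaml", "http://example.invalid"}))
}
```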

@warber warber added the CI:trigger-build-everything Trigger CI Build: Set BUILD_EVERYTHING=TRUE label Mar 15, 2022
@warber warber requested a review from a team as a code owner March 15, 2022 12:41
@codecov

codecov bot commented Mar 15, 2022

Codecov Report

Merging #7158 (8afc690) into master (6805da2) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #7158      +/-   ##
==========================================
+ Coverage   58.53%   58.55%   +0.01%     
==========================================
  Files         528      528              
  Lines       30732    30744      +12     
  Branches     1508     1508              
==========================================
+ Hits        17990    18001      +11     
  Misses      11474    11474              
- Partials     1268     1269       +1     
Impacted Files Coverage Δ
webhook-service/lib/curl_executor.go 95.23% <100.00%> (+0.36%) ⬆️
distributor/pkg/uniform/log/uniformlog.go 71.87% <0.00%> (-4.69%) ⬇️
shipyard-controller/handler/sequencedispatcher.go 73.17% <0.00%> (+1.62%) ⬆️
Flag Coverage Δ
webhook-service 80.41% <100.00%> (+0.49%) ⬆️


odubajDT
odubajDT previously approved these changes Mar 15, 2022
Signed-off-by: warber <[email protected]>
thisthat
thisthat previously approved these changes Mar 15, 2022
webhook-service/lib/curl_executor.go Outdated
@warber warber removed the CI:trigger-build-everything Trigger CI Build: Set BUILD_EVERYTHING=TRUE label Mar 15, 2022
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
0.0% Duplication

@warber warber merged commit aa0f71e into master Mar 15, 2022
warber added a commit that referenced this pull request Mar 15, 2022
)

* added failing test cases

Signed-off-by: warber <[email protected]>

* fix: disallow @ in data block

Signed-off-by: warber <[email protected]>

* fixed if condition when checking for data block

Signed-off-by: warber <[email protected]>

* additional tests

Signed-off-by: warber <[email protected]>

* incorp. review comment

Signed-off-by: warber <[email protected]>
(cherry picked from commit aa0f71e)
@mowies mowies deleted the fix/wh-svc-disallow-uploading-files branch May 4, 2022 06:02