Git resolver: validate repo URL
Make sure the repo URL is a valid git, http or https URL

Signed-off-by: Chmouel Boudjnah <chmouel@chmouel.com>
chmouel committed Dec 12, 2023
1 parent 52bb407 commit aef2b83
Showing 2 changed files with 56 additions and 9 deletions.
13 changes: 12 additions & 1 deletion pkg/resolution/resolver/git/resolver.go
Expand Up @@ -23,6 +23,7 @@ import (
"fmt"
"io"
"os"
"regexp"
"strings"
"time"

Expand Down Expand Up @@ -142,6 +143,13 @@ func (r *Resolver) Resolve(ctx context.Context, origParams []pipelinev1.Param) (
return r.resolveAPIGit(ctx, params)
}

// validateRepoURL validates if the given URL is a valid git, http or https URL
func validateRepoURL(url string) bool {
pattern := `^(git|https?):\/\/`
re := regexp.MustCompile(pattern)
return re.MatchString(url)
}

func (r *Resolver) resolveAPIGit(ctx context.Context, params map[string]string) (framework.ResolvedResource, error) {
// If we got here, the "repo" param was specified, so use the API approach
scmType, serverURL, err := r.getSCMTypeAndServerURL(ctx)
Expand Down Expand Up @@ -488,7 +496,10 @@ func populateDefaultParams(ctx context.Context, params []pipelinev1.Param) (map[
return nil, fmt.Errorf("missing required git resolver params: %s", strings.Join(missingParams, ", "))
}

// TODO(sbwsg): validate repo url is well-formed, git:// or https://
if !validateRepoURL(paramsMap[urlParam]) {
return nil, fmt.Errorf("invalid git repository url: %s", paramsMap[urlParam])
}

// TODO(sbwsg): validate pathInRepo is valid relative pathInRepo
return paramsMap, nil
}
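Review bot: validateRepoURL only tests the scheme prefix, so a value such as `https://` with no host, or one with whitespace or control characters after the scheme, still passes as a valid URL. Parsing with `net/url` (which would need importing) and requiring an allowed scheme plus a non-empty host, as sketched below, would match the doc comment and also drops the `regexp.MustCompile` call that recompiles the pattern on every invocation. Separately, populateDefaultParams applies the check to `paramsMap[urlParam]` unconditionally; if that param is legitimately empty when the `repo` parameter selects the API path (as the comment in resolveAPIGit suggests), those requests would now be rejected. The start of populateDefaultParams is outside the hunk, so that needs confirming against the full function.

```go
// validateRepoURL reports whether rawURL parses as a git, http or https URL
// that names a host. The parameter is renamed so it does not shadow net/url.
func validateRepoURL(rawURL string) bool {
	u, err := url.Parse(rawURL)
	if err != nil || u.Host == "" {
		return false
	}
	switch u.Scheme {
	case "git", "http", "https":
		return true
	}
	return false
}
```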
52 changes: 44 additions & 8 deletions pkg/resolution/resolver/git/resolver_test.go
Expand Up @@ -60,16 +60,52 @@ func TestGetSelector(t *testing.T) {
}

func TestValidateParams(t *testing.T) {
resolver := Resolver{}

paramsWithRevision := map[string]string{
urlParam: "http://foo",
pathParam: "bar",
revisionParam: "baz",
tests := []struct {
name string
wantErr string
params map[string]string
}{
{
name: "params with revision",
params: map[string]string{
urlParam: "http://foo",
pathParam: "bar",
revisionParam: "baz",
},
},
{
name: "bad url",
params: map[string]string{
urlParam: "foo://bar",
pathParam: "path",
revisionParam: "revision",
},
wantErr: "invalid git repository url: foo://bar",
},
{
name: "clean path",
params: map[string]string{
urlParam: "git://bar",
pathParam: "./../../../../etc/passwd",
revisionParam: "revision",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
resolver := Resolver{}
err := resolver.ValidateParams(context.Background(), toParams(tt.params))
if tt.wantErr == "" {
if err != nil {
t.Fatalf("unexpected error validating params: %v", err)
}
return
}

if err := resolver.ValidateParams(context.Background(), toParams(paramsWithRevision)); err != nil {
t.Fatalf("unexpected error validating params: %v", err)
if d := cmp.Diff(tt.wantErr, err.Error()); d != "" {
t.Errorf("unexpected error: %s", diff.PrintWantGot(d))
}
})
}
}

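Review bot: The `clean path` case passes `./../../../../etc/passwd` as pathParam with no wantErr, so the test pins that ValidateParams accepts a path climbing out of the repository root; nothing visible in this commit validates pathInRepo. If that is intentional because the path is constrained when the file is read, a comment on the case saying so (for example `// traversal is not rejected by ValidateParams; pathInRepo must be constrained at resolve time`) would stop the case reading as a guarantee. Also, when wantErr is set and ValidateParams returns nil, `err.Error()` is called on a nil error and the test panics instead of failing; add `if err == nil { t.Fatalf("expected error %q, got nil", tt.wantErr) }` before the cmp.Diff call.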
