Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fix] Allow special chars when specifying flag_name in API #650

Merged
merged 2 commits into from
Jul 2, 2024
Merged

[Fix] Allow special chars when specifying flag_name in API #650

merged 2 commits into from
Jul 2, 2024

Conversation

rohitvinnakota-codecov
Copy link
Contributor

@rohitvinnakota-codecov rohitvinnakota-codecov commented Jun 28, 2024
edited
Loading

This PR closes https://github.com/codecov/internal-issues/issues/526

Using the path URL pattern allows us to parse trailing chars and special characters

Some extra info here: https://stackoverflow.com/questions/68251393/how-one-can-capture-string-that-contain-one-or-more-forward-slash-in-django-urls

Before
Screenshot 2024-06-28 at 11 53 09 AM

After
Screenshot 2024-06-28 at 11 52 56 AM

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

@codecov-qa
Copy link

codecov-qa bot commented Jun 28, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.53%. Comparing base (dde68bf) to head (d10ad44).

✅ All tests successful. No failed tests found.

@@           Coverage Diff           @@
##             main     #650   +/-   ##
=======================================
  Coverage   91.53%   91.53%           
=======================================
  Files         621      621           
  Lines       16568    16568           
=======================================
  Hits        15166    15166           
  Misses       1402     1402
Flag Coverage Δ
unit 91.53% <100.00%> (ø)
unit-latest-uploader 91.53% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
api/public/v2/urls.py 100.00% <100.00%> (ø)

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!

@codecov-notifications
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

@codecov-public-qa Codecov Public QA
Copy link

codecov-public-qa bot commented Jun 28, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.53%. Comparing base (dde68bf) to head (d10ad44).

✅ All tests successful. No failed tests found ☺️

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #650   +/-   ##
=======================================
  Coverage   91.53%   91.53%           
=======================================
  Files         621      621           
  Lines       16568    16568           
=======================================
  Hits        15166    15166           
  Misses       1402     1402
Flag Coverage Δ
unit 91.53% <100.00%> (ø)
unit-latest-uploader 91.53% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
api/public/v2/urls.py 100.00% <100.00%> (ø)

Impacted file tree graph

@codecov Codecov
Copy link

codecov bot commented Jun 28, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.93%. Comparing base (dde68bf) to head (d10ad44).

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@             Coverage Diff             @@
##               main       #650   +/-   ##
===========================================
  Coverage   95.93000   95.93000           
===========================================
  Files           799        799           
  Lines         17885      17885           
===========================================
  Hits          17158      17158           
  Misses          727        727
Flag Coverage Δ
unit 91.53% <100.00%> (ø)
unit-latest-uploader 91.53% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@eliatcodecov
Copy link
Contributor

@ai-review-prompt-prod Don't mind me. Just seeing if this works.

codecov-ai[bot]
codecov-ai bot reviewed Jun 28, 2024
View reviewed changes
api/public/v2/urls.py
@@ -67,7 +67,7 @@
service_prefix = "<str:service>/"
owner_prefix = "<str:service>/<str:owner_username>/"
repo_prefix = "<str:service>/<str:owner_username>/repos/<str:repo_name>/"
flag_prefix = repo_prefix + "flags/<str:flag_name>/"
flag_prefix = repo_prefix + "flags/<path:flag_name>/"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changing the flag_name parameter from to allows for slashes in the flag_name, which might be necessary for certain use cases. However, this change could potentially introduce security vulnerabilities if the flag_name is not properly sanitized. Ensure that the flag_name is validated and sanitized to prevent directory traversal attacks or other security issues.

@rohitvinnakota-codecov rohitvinnakota-codecov added this pull request to the merge queue Jul 2, 2024
Merged via the queue into main with commit d46630d Jul 2, 2024
22 checks passed
@rohitvinnakota-codecov rohitvinnakota-codecov deleted the rvinnakota/flag-parse-fix branch July 2, 2024 13:46
@Adal3n3 Adal3n3 mentioned this pull request Jul 2, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codecov-ai codecov-ai[bot] codecov-ai[bot] left review comments

@JerrySentry JerrySentry JerrySentry approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rohitvinnakota-codecov @eliatcodecov @JerrySentry