Merge branch 'master' into default_for_simple_type

cico_setup.sh

@@ -55,7 +55,9 @@ function prepare() {
   # Start "flow-heater" container to build in and run tests in.
   # Every make target that begins with "docker-" will be executed
   # in the resulting container.
+  make docker-rm
   make docker-start
+
   make docker-check-go-format
   # Download Go dependencies
   make docker-deps

controller/codebase_blackbox_test.go

@@ -343,12 +343,13 @@ func (s *CodebaseControllerTestSuite) TestUpdateCodebase() {
 			},
 		}
 	}
-	r, err := recorder.New("../test/data/gemini-scan/codebase-update-ok")
-	require.NoError(t, err)
-	defer r.Stop()
-	m := httpmonitor.NewTransportMonitor(r.Transport)
 
 	t.Run("OK", func(t *testing.T) {
+		r, err := recorder.New("../test/data/gemini-scan/codebase-update-ok")
+		require.NoError(t, err)
+		defer r.Stop()
+		m := httpmonitor.NewTransportMonitor(r.Transport)
+
 		// given
 		fxt := tf.NewTestFixture(t, s.DB, tf.Codebases(1))
 		codebase := fxt.Codebases[0]
@@ -371,6 +372,15 @@ func (s *CodebaseControllerTestSuite) TestUpdateCodebase() {
 		require.Equal(t, false, *result.Data.Attributes.CveScan)
 		require.Equal(t, newType, *result.Data.Attributes.Type)
 		require.Equal(t, newStack, *result.Data.Attributes.StackID)
+
+		err = m.ValidateExchanges(
+			httpmonitor.Exchange{
+				RequestMethod: "GET",
+				RequestURL:    "http://core/api/search/codebases?url=git%40github.com%3Afabric8-services%2Ffabric8-wit.git",
+				StatusCode:    200,
+			},
+		)
+		require.NoError(t, err)
 	})
 
 	t.Run("forbidden for wrong user", func(t *testing.T) {

controller/space_codebases.go

@@ -1,12 +1,9 @@
 package controller
 
 import (
-	"context"
-
 	"github.com/fabric8-services/fabric8-wit/app"
 	"github.com/fabric8-services/fabric8-wit/application"
 	"github.com/fabric8-services/fabric8-wit/codebase"
-	gemini "github.com/fabric8-services/fabric8-wit/codebase/analytics-gemini"
 	"github.com/fabric8-services/fabric8-wit/errors"
 	"github.com/fabric8-services/fabric8-wit/jsonapi"
 	"github.com/fabric8-services/fabric8-wit/login"
@@ -18,8 +15,7 @@ import (
 // SpaceCodebasesController implements the space-codebases resource.
 type SpaceCodebasesController struct {
 	*goa.Controller
-	db                    application.DB
-	AnalyticsGeminiClient AnalyticsGeminiClientProvider
+	db application.DB
 }
 
 // NewSpaceCodebasesController creates a space-codebases controller.
@@ -45,7 +41,7 @@ func (c *SpaceCodebasesController) Create(ctx *app.CreateSpaceCodebasesContext)
 		return jsonapi.JSONErrorResponse(ctx, errors.NewBadParameterError("data.attributes.url", nil).Expected("not nil"))
 	}
 	// the default value of cveScan
-	cveScan := true
+	cveScan := false
 	if reqIter.Attributes.CveScan != nil {
 		cveScan = *reqIter.Attributes.CveScan
 	}
@@ -72,26 +68,13 @@ func (c *SpaceCodebasesController) Create(ctx *app.CreateSpaceCodebasesContext)
 		return jsonapi.JSONErrorResponse(ctx, err)
 	}
 
-	// new codebase is added register with analytics service
-	if err = c.registerCodebaseToGeminiForScan(ctx, cdb.URL); err != nil {
-		return jsonapi.JSONErrorResponse(ctx, err)
-	}
-
 	res := &app.CodebaseSingle{
 		Data: ConvertCodebase(ctx.Request, *cdb),
 	}
 	ctx.ResponseData.Header().Set("Location", rest.AbsoluteURL(ctx.Request, app.CodebaseHref(res.Data.ID)))
 	return ctx.Created(res)
 }
 
-// registerCodebaseToGeminiForScan when given the codebase URL, subscribes this codebase
-// to enable code scanning to find CVEs with the analytics gemini service
-func (c *SpaceCodebasesController) registerCodebaseToGeminiForScan(ctx context.Context, repoURL string) error {
-	scanClient := c.AnalyticsGeminiClient()
-	req := gemini.NewScanRepoRequest(repoURL)
-	return scanClient.Register(ctx, req)
-}
-
 // List runs the list action.
 func (c *SpaceCodebasesController) List(ctx *app.ListSpaceCodebasesContext) error {
 	offset, limit := computePagingLimits(ctx.PageOffset, ctx.PageLimit)

controller/space_codebases_test.go

@@ -2,18 +2,14 @@ package controller_test
 
 import (
 	"context"
-	"net/http"
 	"strconv"
 	"strings"
 	"testing"
 
-	"github.com/dnaeon/go-vcr/recorder"
 	"github.com/fabric8-services/fabric8-wit/account"
 	"github.com/fabric8-services/fabric8-wit/app"
 	"github.com/fabric8-services/fabric8-wit/app/test"
 	"github.com/fabric8-services/fabric8-wit/application"
-	gemini "github.com/fabric8-services/fabric8-wit/codebase/analytics-gemini"
-	"github.com/fabric8-services/fabric8-wit/configuration"
 	. "github.com/fabric8-services/fabric8-wit/controller"
 	"github.com/fabric8-services/fabric8-wit/gormtestsupport"
 	"github.com/fabric8-services/fabric8-wit/resource"
@@ -47,30 +43,6 @@ func (rest *TestSpaceCodebaseREST) SetupTest() {
 // closure definition
 type ConfigureSpaceCodebaseController func(spaceCdb *SpaceCodebasesController)
 
-// withAnalyticsGeminiForSpaceCodebase takes in the function that initializes
-// the Analytics Gemini service client and returns ConfigureSpaceCodebaseController
-func withAnalyticsGeminiForSpaceCodebase(f AnalyticsGeminiClientProvider) ConfigureSpaceCodebaseController {
-	return func(spaceCdb *SpaceCodebasesController) {
-		spaceCdb.AnalyticsGeminiClient = f
-	}
-}
-
-// MockAnalyticsGeminiForSpaceCodebase returns function that initializes
-// the Gemini service client by taking the gemini and codebase service
-// http.Client as parameters
-func MockAnalyticsGeminiForSpaceCodebase(geminiCl, codebaseCl *http.Client) func() *gemini.ScanRepoClient {
-	config, _ := configuration.New("")
-	return func() *gemini.ScanRepoClient {
-		return gemini.NewScanRepoClient(
-			config.GetAnalyticsGeminiServiceURL(),
-			geminiCl,
-			config.GetCodebaseServiceURL(),
-			codebaseCl,
-			false,
-		)
-	}
-}
-
 // SecuredControllerWithIdentity takes the identity object and then
 // variable list of the ConfigureSpaceCodebaseController which can
 // be used to customize the SpaceCodebasesController object
@@ -118,19 +90,13 @@ func (rest *TestSpaceCodebaseREST) TestCreateCodebaseCreated() {
 	ci := createSpaceCodebase("https://github.com/fabric8-services/fabric8-wit.git", &stackId)
 
 	t := rest.T()
-	// start the recorder
-	r, err := recorder.New("../test/data/gemini-scan/space-codebase-created")
-	require.NoError(t, err)
-	defer r.Stop()
-	cl := &http.Client{Transport: r.Transport}
-
-	svc, ctrl := rest.SecuredController(withAnalyticsGeminiForSpaceCodebase(MockAnalyticsGeminiForSpaceCodebase(cl, cl)))
+	svc, ctrl := rest.SecuredController()
 	_, c := test.CreateSpaceCodebasesCreated(t, svc.Context, svc, ctrl, sp.ID, ci)
 	require.NotNil(t, c.Data.ID)
 	require.NotNil(t, c.Data.Relationships.Space)
 	assert.Equal(t, sp.ID.String(), *c.Data.Relationships.Space.Data.ID)
 	require.NotNil(t, c.Data.Attributes.CveScan)
-	assert.Equal(t, true, *c.Data.Attributes.CveScan)
+	assert.False(t, *c.Data.Attributes.CveScan)
 	assert.Equal(t, "https://github.com/fabric8-services/fabric8-wit.git", *c.Data.Attributes.URL)
 	assert.Equal(t, "stackId", *c.Data.Attributes.StackID)
 }
@@ -140,13 +106,7 @@ func (rest *TestSpaceCodebaseREST) TestCreateCodebaseWithNoStackIdCreated() {
 	ci := createSpaceCodebase("https://github.com/fabric8-services/fabric8-wit.git", nil)
 
 	t := rest.T()
-	// start the recorder
-	r, err := recorder.New("../test/data/gemini-scan/space-codebase-created")
-	require.NoError(t, err)
-	defer r.Stop()
-	cl := &http.Client{Transport: r.Transport}
-
-	svc, ctrl := rest.SecuredController(withAnalyticsGeminiForSpaceCodebase(MockAnalyticsGeminiForSpaceCodebase(cl, cl)))
+	svc, ctrl := rest.SecuredController()
 	_, c := test.CreateSpaceCodebasesCreated(t, svc.Context, svc, ctrl, sp.ID, ci)
 	require.NotNil(t, c.Data.ID)
 	require.NotNil(t, c.Data.Relationships.Space)
@@ -177,13 +137,7 @@ func (rest *TestSpaceCodebaseREST) TestListCodebase() {
 
 	repo := "https://github.com/fabric8-services/fabric8-wit.git"
 
-	// start the recorder
-	r, err := recorder.New("../test/data/gemini-scan/space-codebase-created")
-	require.NoError(t, err)
-	defer r.Stop()
-	cl := &http.Client{Transport: r.Transport}
-
-	svc, ctrl := rest.SecuredController(withAnalyticsGeminiForSpaceCodebase(MockAnalyticsGeminiForSpaceCodebase(cl, cl)))
+	svc, ctrl := rest.SecuredController()
 	spaceId := sp.ID
 	anotherSpaceId := anotherSpace.ID
 	var createdSpacesUuids1 []uuid.UUID

controller/work_item_link_blackbox_test.go

@@ -2,7 +2,6 @@ package controller_test
 
 import (
 	"bytes"
-	"context"
 	"fmt"
 	"net/http"
 	"path/filepath"
@@ -17,9 +16,7 @@ import (
 	. "github.com/fabric8-services/fabric8-wit/controller"
 	"github.com/fabric8-services/fabric8-wit/gormtestsupport"
 	"github.com/fabric8-services/fabric8-wit/jsonapi"
-	"github.com/fabric8-services/fabric8-wit/ptr"
 	"github.com/fabric8-services/fabric8-wit/resource"
-	"github.com/fabric8-services/fabric8-wit/rest"
 	testsupport "github.com/fabric8-services/fabric8-wit/test"
 	tf "github.com/fabric8-services/fabric8-wit/test/testfixture"
 	testtoken "github.com/fabric8-services/fabric8-wit/test/token"
@@ -61,47 +58,6 @@ func newCreateWorkItemLinkCategoryPayload(name string) *app.CreateWorkItemLinkCa
 	}
 }
 
-// CreateWorkItem defines a work item link
-func newCreateWorkItemPayload(spaceID uuid.UUID, workItemType uuid.UUID, title string) *app.CreateWorkitemsPayload {
-	spaceRelatedURL := rest.AbsoluteURL(&http.Request{Host: "api.service.domain.org"}, app.SpaceHref(spaceID.String()))
-	witRelatedURL := rest.AbsoluteURL(&http.Request{Host: "api.service.domain.org"}, app.WorkitemtypeHref(workItemType))
-	payload := app.CreateWorkitemsPayload{
-		Data: &app.WorkItem{
-			Attributes: map[string]interface{}{
-				workitem.SystemTitle: title,
-				workitem.SystemState: workitem.SystemStateClosed,
-			},
-			Relationships: &app.WorkItemRelationships{
-				BaseType: &app.RelationBaseType{
-					Data: &app.BaseTypeData{
-						ID:   workItemType,
-						Type: "workitemtypes",
-					},
-					Links: &app.GenericLinks{
-						Self:    &witRelatedURL,
-						Related: &witRelatedURL,
-					},
-				},
-				Space: app.NewSpaceRelation(spaceID, spaceRelatedURL),
-			},
-			Type: "workitems",
-		},
-	}
-	return &payload
-}
-
-// createWorkItemType calls createPersonWIT
-func createWorkItemType(t *testing.T, db application.DB, id, spaceTemplateID uuid.UUID) *workitem.WorkItemType {
-	wit, err := db.WorkItemTypes().Create(context.Background(), spaceTemplateID, &id, nil, "person", ptr.String("Description for 'person'"), "fa-user", workitem.FieldDefinitions{
-		"test": {
-			Required: false,
-			Type:     &workitem.SimpleType{Kind: "string"},
-		},
-	}, true)
-	require.Nil(t, err)
-	return wit
-}
-
 // createWorkItemLinkType creates a workitem link type
 func createWorkItemLinkType(t *testing.T, db application.DB, name string, categoryID, spaceTemplateID uuid.UUID) *link.WorkItemLinkType {
 	description := "Specify that one bug blocks another one."
@@ -115,12 +71,6 @@ func createWorkItemLinkType(t *testing.T, db application.DB, name string, catego
 		SpaceTemplateID: spaceTemplateID,
 	}
 	return &lt
-	// reqLong := &http.Request{Host: "api.service.domain.org"}
-	// payload := ConvertWorkItemLinkTypeFromModel(reqLong, lt)
-	// // The create payload is required during creation. Simply copy data over.
-	// return &app.CreateWorkItemLinkTypePayload{
-	// 	Data: payload.Data,
-	// }
 }
 
 // newCreateWorkItemLinkPayload returns the payload to create a work item link

controller/workitem.go

@@ -634,9 +634,7 @@ func ConvertWorkItem(request *http.Request, wit workitem.WorkItemType, wi workit
 			if description != nil {
 				op.Attributes[name] = (*description).Content
 				op.Attributes[workitem.SystemDescriptionMarkup] = (*description).Markup
-				// let's include the rendered description while 'HTML escaping' it to prevent script injection
-				op.Attributes[workitem.SystemDescriptionRendered] =
-					rendering.RenderMarkupToHTML(html.EscapeString((*description).Content), (*description).Markup)
+				op.Attributes[workitem.SystemDescriptionRendered] = rendering.RenderMarkupToHTML((*description).Content, (*description).Markup)
 			}
 		case workitem.SystemCodebase:
 			if val != nil {

controller/workitem_blackbox_test.go

@@ -1307,6 +1307,49 @@ func (s *WorkItem2Suite) TestWI2SuccessCreateWorkItemWithDescriptionAndMarkup()
 	assert.Equal(s.T(), rendering.SystemMarkupMarkdown, wi.Data.Attributes[workitem.SystemDescriptionMarkup])
 }
 
+func (s *WorkItem2Suite) TestWI2SuccessUpdateWorkItemWithDescriptionAndMarkup() {
+	// given
+	originalDescription := "` x = \"1\"`"
+	originalDescriptionRendered := "<p><code>x = &#34;1&#34;</code></p>\n"
+	c := minimumRequiredCreatePayload()
+	c.Data.Attributes[workitem.SystemTitle] = "Title"
+	c.Data.Attributes[workitem.SystemDescription] = rendering.NewMarkupContent(originalDescription, rendering.SystemMarkupMarkdown)
+	c.Data.Relationships.BaseType = newRelationBaseType(workitem.SystemBug)
+
+	// when
+	_, wi := test.CreateWorkitemsCreated(s.T(), s.svc.Context, s.svc, s.workitemsCtrl, *c.Data.Relationships.Space.Data.ID, &c)
+	assert.Equal(s.T(), originalDescription, wi.Data.Attributes[workitem.SystemDescription])
+	assert.Equal(s.T(), originalDescriptionRendered, wi.Data.Attributes[workitem.SystemDescriptionRendered])
+
+	s.T().Run("update", func(t *testing.T) {
+		updatePayload := minimumRequiredUpdatePayload()
+		updatePayload.Data.ID = wi.Data.ID
+		updatePayload.Data.Attributes["version"] = wi.Data.Attributes["version"]
+		content := `
+	<code>
+	{
+		"data": "Hello World"
+	}
+	</code>
+	`
+		renderedContent := "" +
+			`<pre><code class="prettyprint"><span class="pun">&lt;</span><span class="pln">code</span><span class="pun">&gt;</span>
+<span class="pun">{</span>
+    <span class="str">&#34;data&#34;</span><span class="pun">:</span> <span class="str">&#34;Hello World&#34;</span>
+<span class="pun">}</span>
+<span class="pun">&lt;</span><span class="pun">/</span><span class="pln">code</span><span class="pun">&gt;</span>
+</code></pre>
+`
+		updatePayload.Data.Attributes[workitem.SystemDescription] = rendering.NewMarkupContent(content, rendering.SystemMarkupMarkdown)
+		_, newWI := test.UpdateWorkitemOK(s.T(), s.svc.Context, s.svc, s.workitemCtrl, *updatePayload.Data.ID, &updatePayload)
+		// then
+		require.NotNil(s.T(), newWI.Data)
+		assert.Equal(s.T(), content, newWI.Data.Attributes[workitem.SystemDescription])
+		assert.Equal(s.T(), renderedContent, newWI.Data.Attributes[workitem.SystemDescriptionRendered])
+		assert.Equal(s.T(), rendering.SystemMarkupMarkdown, newWI.Data.Attributes[workitem.SystemDescriptionMarkup])
+	})
+}
+
 // TestWI2SuccessCreateWorkItemWithDescription verifies that the `workitem.SystemDescription` attribute is set as a MarkupContent element
 func (s *WorkItem2Suite) TestWI2SuccessCreateWorkItemWithDescriptionAndNoMarkup() {
 	// given
@@ -2555,7 +2598,8 @@ func (s *WorkItem2Suite) TestWI2SuccessCreateAndPreventJavascriptInjectionWithMa
 	require.NotNil(s.T(), fetchedWI.Data)
 	require.NotNil(s.T(), fetchedWI.Data.Attributes)
 	assert.Equal(s.T(), html.EscapeString(title), fetchedWI.Data.Attributes[workitem.SystemTitle])
-	assert.Equal(s.T(), "<p>"+html.EscapeString(description.Content)+"</p>\n", fetchedWI.Data.Attributes[workitem.SystemDescriptionRendered])
+	// The resultant description won't have the `onerror=alert('description')` since it is not allowed in RenderMarkupToHTML function
+	assert.Equal(s.T(), "<p><img src=\"x\"/></p>\n", fetchedWI.Data.Attributes[workitem.SystemDescriptionRendered])
 }
 
 func (s *WorkItem2Suite) TestCreateWIWithCodebase() {

docs/development/debugging.adoc

@@ -5,7 +5,7 @@
 :experimental:
 
 This section shows how to install a Go debugger
-(link:https://github.com/derekparker/delve:[delve]) and how to actually do some
+(link:https://github.com/derekparker/delve[delve]) and how to actually do some
 debugging from a terminal.
 
 For somebody coming from a C/C++ background this should feed very familiar as

main.go

@@ -369,7 +369,6 @@ func main() {
 
 	// Mount "spacecodebases" controller
 	spaceCodebaseCtrl := controller.NewSpaceCodebasesController(service, appDB)
-	spaceCodebaseCtrl.AnalyticsGeminiClient = controller.NewDefaultAnalyticsGeminiClient(config)
 	app.MountSpaceCodebasesController(service, spaceCodebaseCtrl)
 
 	// Mount "collaborators" controller

migration/migration.go

@@ -434,6 +434,9 @@ func GetMigrations() Migrations {
 	// Version 98
 	m = append(m, steps{ExecuteSQLFile("098-boards.sql")})
 
+	// Version 99
+	m = append(m, steps{ExecuteSQLFile("099-codebase-cve-scan-default-false.sql")})
+
 	// Version N
 	//
 	// In order to add an upgrade, simply append an array of MigrationFunc to the