updation (#41)

* fix: Added URL Param Parsing for better security (#33) Signed-off-by: Soorya U <[email protected]> * feat: added function to extract content from the yaml file (#34) --------- Signed-off-by: Soorya U <[email protected]> Co-authored-by: Soorya U <[email protected]> Co-authored-by: Kushal Jetty <[email protected]>
puneeth072003 · Dec 31, 2024 · 9f4c569 · 9f4c569
1 parent f4a8de9
commit 9f4c569
Show file tree

Hide file tree

Showing 5 changed files with 106 additions and 4 deletions.
diff --git a/src/github/controllers/initializers/fetchPRdesc.go b/src/github/controllers/initializers/fetchPRdesc.go
@@ -3,15 +3,26 @@ package initializers
 import (
 	"encoding/json"
 	"fmt"
+	"github/utils"
 	"io"
 	"net/http"
+	"net/url"
+	"strconv"
 )
 
 // FetchPullRequestDescription fetches the description of a pull request
 func FetchPullRequestDescription(owner, repo string, prNumber int) (string, error) {
-	url := fmt.Sprintf("https://api.github.com/repos/%s/%s/pulls/%d", owner, repo, prNumber)
+	owner, repo, err := utils.CleanURLParams(owner, repo, prNumber)
+	if err != nil {
+		return "", err
+	}
+
+	reqUrl, err := url.JoinPath("https://api.github.com", "repos", owner, repo, "pulls", strconv.Itoa(123))
+	if err != nil {
+		return "", fmt.Errorf("unable to construct request url: %v", err)
+	}
 
-	req, _ := http.NewRequest("GET", url, nil)
+	req, _ := http.NewRequest("GET", reqUrl, nil)
 	req.Header.Set("Accept", "application/vnd.github.v3+json")
 
 	client := &http.Client{}

diff --git a/src/github/controllers/initializers/fetchPRfiles.go b/src/github/controllers/initializers/fetchPRfiles.go
@@ -3,15 +3,26 @@ package initializers
 import (
 	"encoding/json"
 	"fmt"
+	"github/utils"
 	"io"
 	"net/http"
+	"net/url"
+	"strconv"
 )
 
 // Fetch the list of changed files in the pull request
 func FetchPullRequestFiles(owner, repo string, prNumber int) ([]map[string]interface{}, error) {
-	url := fmt.Sprintf("https://api.github.com/repos/%s/%s/pulls/%d/files", owner, repo, prNumber)
+	owner, repo, err := utils.CleanURLParams(owner, repo, prNumber)
+	if err != nil {
+		return nil, err
+	}
+
+	reqUrl, err := url.JoinPath("https://api.github.com", "repos", owner, repo, "pulls", strconv.Itoa(123), "files")
+	if err != nil {
+		return nil, fmt.Errorf("unable to construct request url: %v", err)
+	}
 
-	req, _ := http.NewRequest("GET", url, nil)
+	req, _ := http.NewRequest("GET", reqUrl, nil)
 	req.Header.Set("Accept", "application/vnd.github.v3+json")
 
 	client := &http.Client{}

diff --git a/src/github/controllers/initializers/fetchymlcontent.go b/src/github/controllers/initializers/fetchymlcontent.go
@@ -0,0 +1,50 @@
+package initializers
+
+import (
+	"gopkg.in/yaml.v3"
+)
+
+// YMLConfig represents the overall structure of the YAML
+type YMLConfig struct {
+	Configuration ymlConfiguration `yaml:"configuration"`
+	Environment   ymlEnvironment   `yaml:"environment"`
+	Caching       ymlCaching       `yaml:"caching"`
+}
+
+// Configuration holds the YAML configuration fields
+type ymlConfiguration struct {
+	TestDirectory    string `yaml:"test-directory"`
+	Comments         string `yaml:"comments"`
+	TestingBranch    string `yaml:"testing-branch"`
+	TestingFramework string `yaml:"testing-framework"`
+	WaterMark        string `yaml:"water-mark"`
+}
+
+// Environment holds environment-specific configurations
+type ymlEnvironment struct {
+	PythonVersion string `yaml:"python-version"`
+}
+
+// Caching holds caching-related configurations
+type ymlCaching struct {
+	Enabled      bool   `yaml:"enabled"`
+	RedisCaching string `yaml:"redis-caching"`
+}
+
+// FetchAndReturnYAMLContents fetches YAML contents and returns it as a structure
+func FetchAndReturnYAMLContents(owner, repo, commitSHA, filePath string) (YMLConfig, error) {
+	// Fetch the file content from GitHub
+	content, err := FetchFileContentFromGitHub(owner, repo, commitSHA, filePath)
+	if err != nil {
+		return YMLConfig{}, err
+	}
+
+	// Parse YAML content
+	var config YMLConfig
+	err = yaml.Unmarshal([]byte(content), &config)
+	if err != nil {
+		return YMLConfig{}, err
+	}
+
+	return config, nil
+}
diff --git a/src/github/controllers/initialwebhookhandler.go b/src/github/controllers/initialwebhookhandler.go
@@ -151,6 +151,16 @@ func WebhookHandler(c *gin.Context) {
 
 	mergeID := fmt.Sprintf("merge_%s_%d", commitSHA, pullRequestNumber)
 
+	// yml content fetch
+	log.Printf("fetching content from yaml file of repository")
+	responseymldata, err := initializers.FetchAndReturnYAMLContents(repoOwner, repoName, commitSHA, "codesourcerer-config.yml")
+	if err != nil {
+		log.Fatalf("Error: %v", err)
+	}
+
+	// log the responseymldata
+	log.Printf("YAML Data Retrieved: %+v", responseymldata)
+
 	// Fetch PR description and dependencies
 	prDescription, err := initializers.FetchPullRequestDescription(repoOwner, repoName, pullRequestNumber)
 	if err != nil {

diff --git a/src/github/utils/cleanurl.go b/src/github/utils/cleanurl.go
@@ -0,0 +1,20 @@
+package utils
+
+import (
+	"fmt"
+	"net/url"
+	"regexp"
+)
+
+func CleanURLParams(owner, repo string, prNumber int) (string, string, error) {
+	owner = url.QueryEscape(owner)
+	repo = url.QueryEscape(repo)
+
+	githubNameRegex := regexp.MustCompile(`^[a-zA-Z0-9-]+$`)
+
+	if !githubNameRegex.MatchString(owner) || !githubNameRegex.MatchString(repo) || prNumber <= 0 {
+		return "", "", fmt.Errorf("unable to clean url params")
+	}
+
+	return owner, repo, nil
+}