Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql injection fix #6078

Closed
wants to merge 29 commits into from
Closed

sql injection fix #6078

wants to merge 29 commits into from

Conversation

prakash100198
Copy link
Contributor

Description

Fixes #

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR requires documentation updates?
  • I've updated documentation as required by this PR.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have tested it for all user roles.
  • I have added all the required unit/api test cases.

Does this PR introduce a user-facing change?

prakash100198 and others added 20 commits October 28, 2024 00:46
@prakash100198
add ciPipeline.PipelineType == CiPipeline.LINKED_CD check while savin…
e2e22b4 
…g ciPipelineMaterial in orch and gitsensor
@prakash100198
handle for linked cd type in NEW_CI_MATERIAL sub topic
71fc41d
@prakash100198
introduce deploymenttemplatehistoryreadservice with a bunch of refact…
60ccd8f 
…oring around depl history service
@prakash100198
adaptor for HistoryDetailDto
996c01c
@prakash100198
extract out wire set for all history config in wire_history.go
fadf726
@prakash100198
move deploymenttemplateservice.go to pkg/deployment/manifest/deployme…
2d76713 
…ntTemplate as it makes sense for all depl template service layer methods to be at one place , this is part one of such refactoring
@prakash100198
move deploymenttemplateservice.go to pkg/deployment/manifest/deployme…
d0cc221 
…ntTemplate as it makes sense for all depl template service layer methods to be at one place , this is part one of such refactoring
@prakash100198
move ConfigMapHistoryService.go to deployment/manifest/configMapAndSe…
cecc228 
…cret repo
@prakash100198
fill ConfigMapHistoryReadService.go interface with methods extracted …
e70b366 
…out from ConfigMapHistoryService.go
@prakash100198
remove userService from configmapreadservice
2461776
@prakash100198
Merge branch 'develop' into linked-cd-ci-pod-spawn-fix-oss
85f7a72
@Ash-exp
added migration script for mandatory plugin (#6060)
010d228
@shivani170
fix: email-template-subject (#6057)
4bd5d91 
* chore: updated email templates subject

* chore: down script for email template added

* chore: code refactoring

* chore: code feedback for down template incorporated

* chore: code formatting

* chore: minifies queries

* fix: down sql app name variable issue fix

* chore: renamed migration

* chore: migration updated

* CHORE: updated template query
@prakash100198
Merge branch 'develop' into linked-cd-ci-pod-spawn-fix-oss
708faf6
@prakash100198
Merge pull request #6037 from devtron-labs/linked-cd-ci-pod-spawn-fix…
c0ba531 
…-oss

fix: Linked cd ci pod spawn fix oss
@prakash100198
Merge branch 'develop' into read-service-depl-history
497018f
@prakash100198
Merge pull request #6041 from devtron-labs/read-service-depl-history
06e4c5d 
chore: Read service for DeploymentTemplateHistoryService and ConfigMapHistoryService
@Ash-exp
fix: cluster namespace list informer
9cdef42
@Ash-exp
Merge pull request #6069 from devtron-labs/fix-ns-list-informer
5b1a27c 
fix: cluster namespace list informer
@prakash100198
sql injection fix
43058f6
nishant-d
nishant-d previously approved these changes Nov 13, 2024
View reviewed changes
vikramdevtron
vikramdevtron previously approved these changes Nov 13, 2024
View reviewed changes
@Shivam-nagar23
fix: server version on updating fix (#6079)
4a6540d 
* updated and retry on get server api

* error refactor

* added comments

* server version check
@ayu-devtron ayu-devtron dismissed stale reviews from vikramdevtron and nishant-d via 2d1c7ad November 14, 2024 06:29
Shivam-nagar23 and others added 4 commits November 14, 2024 14:06
@Shivam-nagar23 @prkhrkat
chore: depandabot fixes (#6070)
0a63570 
* updated k8s.io/kubernetes from v1.29.6 to k8s.io/kubernetes v1.29.7

* jwt upgraded to github.com/golang-jwt/jwt/v4 v4.5.1

* version upgrade

* common-lib sync

---------

Co-authored-by: prakhar katiyar <[email protected]>
Co-authored-by: prakhar katiyar <[email protected]>
@prkhrkat
chore: refactoring and created CiTemplateReadService.go (#6090)
e7c90a2 
* created CiTemplateReadService.go

* created CiTemplateReadService.go

* created CiTemplateReadService.go

* fix for CiTemplateService_test.go
@ayu-devtron
Merge branch 'main' of github.com:devtron-labs/devtron into exteral-f…
7b36eeb 
…ix-from-main
@prkhrkat
misc: Kubecon 2024 oss sync (#6094)
f7b3f9c 
* feat: added is_prod col in cluster (#6046)

* added is_prod col in cluster

* migration added

* migration added

* migration added

* migration added

* migrations number
nishant-d
nishant-d previously approved these changes Nov 14, 2024
View reviewed changes
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 14, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
4.0% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 14, 2024
View reviewed changes
pkg/deployment/manifest/configMapAndSecret/ConfigMapHistoryService.go
func (impl ConfigMapHistoryServiceImpl) CreateHistoryFromAppLevelConfig(appLevelConfig *chartConfig.ConfigMapAppModel, configType repository.ConfigType) error {
pipelines, err := impl.pipelineRepository.FindActiveByAppId(appLevelConfig.AppId)
if err != nil {
impl.logger.Errorw("err in getting pipelines, CreateHistoryFromAppLevelConfig", "err", err, "appLevelConfig", appLevelConfig)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to secretKeyValueData
Loading
flows to a logging call.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that sensitive information is not logged in clear text. The best way to fix this without changing existing functionality is to remove the sensitive data from the logging statement or to obfuscate it before logging. In this case, we will remove the appLevelConfig from the logging statement on line 70 in pkg/deployment/manifest/configMapAndSecret/ConfigMapHistoryService.go.

Suggested changeset 1
pkg/deployment/manifest/configMapAndSecret/ConfigMapHistoryService.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/deployment/manifest/configMapAndSecret/ConfigMapHistoryService.go b/pkg/deployment/manifest/configMapAndSecret/ConfigMapHistoryService.go
--- a/pkg/deployment/manifest/configMapAndSecret/ConfigMapHistoryService.go
+++ b/pkg/deployment/manifest/configMapAndSecret/ConfigMapHistoryService.go
@@ -69,3 +69,3 @@
 	if err != nil {
-		impl.logger.Errorw("err in getting pipelines, CreateHistoryFromAppLevelConfig", "err", err, "appLevelConfig", appLevelConfig)
+		impl.logger.Errorw("err in getting pipelines, CreateHistoryFromAppLevelConfig", "err", err)
 		return err
EOF
@@ -69,3 +69,3 @@
if err != nil {
impl.logger.Errorw("err in getting pipelines, CreateHistoryFromAppLevelConfig", "err", err, "appLevelConfig", appLevelConfig)
impl.logger.Errorw("err in getting pipelines, CreateHistoryFromAppLevelConfig", "err", err)
return err
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
pkg/deployment/manifest/configMapAndSecret/read/ConfigMapHistoryReadService.go
}
resolvedConfigDataStringJson, err := utils.ConvertToJsonRawMessage(resolvedConfigDataString)
if err != nil {
impl.logger.Errorw("getCmCsPublishedConfigResponse, error in ConvertToJsonRawMessage for resolvedJson", "resolvedJson", resolvedConfigDataStringJson, "err", err)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to SecretKey
Loading
flows to a logging call.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that sensitive information is not logged in clear text. The best way to fix this is to obfuscate or remove the sensitive data before logging. In this case, we should remove the sensitive data from the log message.

  • In pkg/deployment/manifest/configMapAndSecret/read/ConfigMapHistoryReadService.go, we need to modify the logging statement on line 437 to exclude the sensitive data.
  • We will remove the resolvedJson field from the log message to ensure that sensitive information is not logged.
Suggested changeset 1
pkg/deployment/manifest/configMapAndSecret/read/ConfigMapHistoryReadService.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/deployment/manifest/configMapAndSecret/read/ConfigMapHistoryReadService.go b/pkg/deployment/manifest/configMapAndSecret/read/ConfigMapHistoryReadService.go
--- a/pkg/deployment/manifest/configMapAndSecret/read/ConfigMapHistoryReadService.go
+++ b/pkg/deployment/manifest/configMapAndSecret/read/ConfigMapHistoryReadService.go
@@ -436,3 +436,3 @@
 	if err != nil {
-		impl.logger.Errorw("getCmCsPublishedConfigResponse, error in ConvertToJsonRawMessage for resolvedJson", "resolvedJson", resolvedConfigDataStringJson, "err", err)
+		impl.logger.Errorw("getCmCsPublishedConfigResponse, error in ConvertToJsonRawMessage for resolvedJson", "err", err)
 		return nil, err
EOF
@@ -436,3 +436,3 @@
if err != nil {
impl.logger.Errorw("getCmCsPublishedConfigResponse, error in ConvertToJsonRawMessage for resolvedJson", "resolvedJson", resolvedConfigDataStringJson, "err", err)
impl.logger.Errorw("getCmCsPublishedConfigResponse, error in ConvertToJsonRawMessage for resolvedJson", "err", err)
return nil, err
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vikramdevtron vikramdevtron vikramdevtron left review comments

@nishant-d nishant-d nishant-d left review comments

@prakarsh-dt prakarsh-dt Awaiting requested review from prakarsh-dt prakarsh-dt is a code owner

@vivek-devtron vivek-devtron Awaiting requested review from vivek-devtron vivek-devtron is a code owner

Assignees
No one assigned
Labels
PR:Issue-verification-failed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@prakash100198 @nishant-d @vikramdevtron @ayu-devtron @Ash-exp @shivani170 @Shivam-nagar23 @prkhrkat