From a3f838f0bf8cb1a69d54bce444047a5f4a25419c Mon Sep 17 00:00:00 2001 From: ecrupper Date: Tue, 25 Jul 2023 14:58:21 -0500 Subject: [PATCH 1/4] fix(pipeline): set max template depth and adjust CompileLite call --- action/pipeline/validate.go | 2 +- command/pipeline/exec.go | 9 +++++++++ command/pipeline/validate.go | 12 ++++++++++++ go.mod | 6 +++--- go.sum | 12 ++++++------ 5 files changed, 31 insertions(+), 10 deletions(-) diff --git a/action/pipeline/validate.go b/action/pipeline/validate.go index 81729aa1..641fdc65 100644 --- a/action/pipeline/validate.go +++ b/action/pipeline/validate.go @@ -107,7 +107,7 @@ func (c *Config) ValidateLocal(client compiler.Engine) error { logrus.Tracef("compiling pipeline %s", path) // compile the object into a pipeline - p, _, err := client.CompileLite(path, c.Template, false, c.TemplateFiles) + p, _, err := client.CompileLite(path, c.Template, false) if err != nil { return err } diff --git a/command/pipeline/exec.go b/command/pipeline/exec.go index 1ccf6631..732581cc 100644 --- a/command/pipeline/exec.go +++ b/command/pipeline/exec.go @@ -94,6 +94,12 @@ var CommandExec = &cli.Command{ Aliases: []string{"v"}, Usage: "provide list of local volumes to mount", }, + &cli.IntFlag{ + EnvVars: []string{"VELA_MAX_TEMPLATE_DEPTH", "MAX_TEMPLATE_DEPTH"}, + Name: "max-template-depth", + Usage: "set the maximum depth for nested templates", + Value: 3, + }, // Repo Flags @@ -184,6 +190,9 @@ func exec(c *cli.Context) error { return err } + // set the max template depth using provided configuration + client.TemplateDepth = c.Int("max-template-depth") + // execute the exec call for the pipeline configuration // // https://pkg.go.dev/github.com/go-vela/cli/action/pipeline?tab=doc#Config.Exec diff --git a/command/pipeline/validate.go b/command/pipeline/validate.go index 1741d058..27af3f91 100644 --- a/command/pipeline/validate.go +++ b/command/pipeline/validate.go 
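Review bot: `ValidateLocal` stops passing `c.TemplateFiles` to `CompileLite` here, so the local templates now have to be on the `compiler.Engine` the caller hands in, and nothing in the function says so. A caller that fills `Config.TemplateFiles` but does not call `WithLocalTemplates` on the engine would presumably get a compile with no local templates rather than an error. I would add a doc comment on the function such as `// ValidateLocal expects client to have been configured with WithLocalTemplates; c.TemplateFiles is not forwarded to the compiler.` The function's signature and the rest of its body are outside this hunk.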
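Review bot: In `exec`, the flag value goes into `client.TemplateDepth` as `c.Int("max-template-depth")` with no lower bound, so a negative number from the flag or from `VELA_MAX_TEMPLATE_DEPTH` / `MAX_TEMPLATE_DEPTH` reaches the compiler unchanged. The same assignment is added to `validate` in command/pipeline/validate.go, and the later patch in this series only adds an upper cap through `util.MinInt(..., 5)`, which lets negative values through as well. How the compiler treats a depth below zero is not visible here, so it is safer to reject it up front: `if c.Int("max-template-depth") < 0 { return errors.New("max-template-depth must not be negative") }`. The body of `exec` continues outside the hunk.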
@@ -80,6 +80,12 @@ var CommandValidate = &cli.Command{ Name: "template-file", Usage: "enables using a local template file for expansion", }, + &cli.IntFlag{ + EnvVars: []string{"VELA_MAX_TEMPLATE_DEPTH", "MAX_TEMPLATE_DEPTH"}, + Name: "max-template-depth", + Usage: "set the maximum depth for nested templates", + Value: 3, + }, &cli.BoolFlag{ EnvVars: []string{"VELA_REMOTE", "PIPELINE_REMOTE"}, Name: "remote", @@ -120,6 +126,8 @@ EXAMPLES: $ {{.HelpName}} --template 8. Validate a local template pipeline with expanding steps $ {{.HelpName}} --template --template-file name:/path/to/file + 9. Validate a local, nested template pipeline with custom template depth. + $ {{.HelpName}} --template --template-file name:/path/to/file name:/path/to/file --max-template-depth 2 DOCUMENTATION: https://go-vela.github.io/docs/reference/cli/pipeline/validate/ @@ -183,9 +191,13 @@ func validate(c *cli.Context) error { return err } + // set the max template depth using provided configuration + client.TemplateDepth = c.Int("max-template-depth") + // set when user is sourcing templates from local machine if len(p.TemplateFiles) != 0 { client.WithLocal(true) + client.WithLocalTemplates(p.TemplateFiles) } // execute the validate local call for the pipeline configuration diff --git a/go.mod b/go.mod index 64e55ab8..d87ea65b 100644 --- a/go.mod +++ b/go.mod @@ -11,8 +11,8 @@ require ( github.com/gin-gonic/gin v1.9.1 github.com/go-git/go-git/v5 v5.7.0 github.com/go-vela/sdk-go v0.20.0-rc3 - github.com/go-vela/server v0.20.0-rc3 - github.com/go-vela/types v0.20.0-rc1 + github.com/go-vela/server v0.20.1-0.20230725195029-acbb8f116c4e + github.com/go-vela/types v0.20.0 github.com/go-vela/worker v0.20.0-rc2 github.com/golang-jwt/jwt/v5 v5.0.0 github.com/gosuri/uitable v0.0.4 
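Review bot: Example 9 in the help text passes a second `name:/path/to/file` separated only by a space, and with urfave/cli v2 that token is likely read as a positional argument, after which flag parsing stops and `--max-template-depth 2` would not take effect. The definition of `template-file` is only partly visible in this diff, so confirm how it accepts multiple values. If it is a repeatable flag, the example should read `$ {{.HelpName}} --template --template-file name:/path/to/file --template-file other:/path/to/file --max-template-depth 2`.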
@@ -111,7 +111,7 @@ require ( github.com/ugorji/go/codec v1.2.11 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect - go.starlark.net v0.0.0-20230612165344-9532f5667272 // indirect + go.starlark.net v0.0.0-20230712173630-2226322290fc // indirect golang.org/x/arch v0.3.0 // indirect golang.org/x/crypto v0.10.0 // indirect golang.org/x/net v0.11.0 // indirect diff --git a/go.sum b/go.sum index d0eb113f..0d962fda 100644 --- a/go.sum +++ b/go.sum @@ -158,10 +158,10 @@ github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QX github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-vela/sdk-go v0.20.0-rc3 h1:PCMyvkxRmqJUjRqjlXLf7URUfyUq3OPH5Q3Zvfs0+J0= github.com/go-vela/sdk-go v0.20.0-rc3/go.mod h1:edUiPUI/E7YSWIrZt5KLVZwwWiDx2/TrMwzVITOMARw= -github.com/go-vela/server v0.20.0-rc3 h1:eIMdNCbGJa8kpdJuCiEmAEEMRHvrDikRJQeE3hmZsdo= -github.com/go-vela/server v0.20.0-rc3/go.mod h1:XQiU5v8ihviZaNJ5ZwwTWceojHjzlzcrT2t1P8PJxGo= -github.com/go-vela/types v0.20.0-rc1 h1:t4tz9YjExtrFMFTq6w+0xWens8b0UPC1kcI642Ta3yc= -github.com/go-vela/types v0.20.0-rc1/go.mod h1:1ZSmKWX9MamKogwaIb53mzzRpZMV34mJFKiGfVFadFk= +github.com/go-vela/server v0.20.1-0.20230725195029-acbb8f116c4e h1:KldHo5HQICJv5G9nTcNeuuiW9DDUzAIjptRH2X+9cFU= +github.com/go-vela/server v0.20.1-0.20230725195029-acbb8f116c4e/go.mod h1:l6ToQGKLn9RP9Kcqwyq3JtgkFRhq1nlIKHq/mynkA+E= +github.com/go-vela/types v0.20.0 h1:u/wHwc6ElVbIEI+q9TaVl9Iai1EoEr4Lwis6mikOte8= +github.com/go-vela/types v0.20.0/go.mod h1:1ZSmKWX9MamKogwaIb53mzzRpZMV34mJFKiGfVFadFk= github.com/go-vela/worker v0.20.0-rc2 h1:nZzCKkXpfrzWsUOOyz7qUSmnyhSjx+pV5Mb9MnrGs4k= github.com/go-vela/worker v0.20.0-rc2/go.mod h1:INZ0B6sqOoPxNl2OkqyE2Ne3g4o7r4Qr+cPu1tnZeow= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= 
@@ -401,8 +401,8 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.starlark.net v0.0.0-20230612165344-9532f5667272 h1:2/wtqS591wZyD2OsClsVBKRPEvBsQt/Js+fsCiYhwu8= -go.starlark.net v0.0.0-20230612165344-9532f5667272/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.starlark.net v0.0.0-20230712173630-2226322290fc h1:x7dWtxLF8z8E5/+KkK3MJJTK/kBZhTCLmYCk75rhKxk= +go.starlark.net v0.0.0-20230712173630-2226322290fc/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k= golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= From 1a42dca9aefdc2c25a4d04d2efbca39b931959b6 Mon Sep 17 00:00:00 2001 From: ecrupper Date: Tue, 25 Jul 2023 15:09:30 -0500 Subject: [PATCH 2/4] update validate test --- action/pipeline/validate_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action/pipeline/validate_test.go b/action/pipeline/validate_test.go index 2be7011c..74c4c1f1 100644 --- a/action/pipeline/validate_test.go +++ b/action/pipeline/validate_test.go @@ -284,7 +284,7 @@ func TestPipeline_Config_ValidateLocal(t *testing.T) { for _, test := range tests { isLocal := len(test.config.TemplateFiles) > 0 - err := test.config.ValidateLocal(client.WithLocal(isLocal)) + err := test.config.ValidateLocal(client.WithLocal(isLocal).WithLocalTemplates(test.config.TemplateFiles)) if test.failure { if err == nil { From 923487717d06b663f3b5061c6aa99a332655196e Mon Sep 17 00:00:00 2001 
From: ecrupper Date: Thu, 27 Jul 2023 08:47:55 -0500 Subject: [PATCH 3/4] protect against SCM spamming with template depth config --- command/pipeline/exec.go | 5 +++-- command/pipeline/validate.go | 11 ++++++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/command/pipeline/exec.go b/command/pipeline/exec.go index 732581cc..4cd5daee 100644 --- a/command/pipeline/exec.go +++ b/command/pipeline/exec.go @@ -11,6 +11,7 @@ import ( "github.com/go-vela/cli/action/pipeline" "github.com/go-vela/cli/internal" "github.com/go-vela/server/compiler/native" + "github.com/go-vela/server/util" "github.com/go-vela/types/constants" "github.com/urfave/cli/v2" @@ -190,8 +191,8 @@ func exec(c *cli.Context) error { return err } - // set the max template depth using provided configuration - client.TemplateDepth = c.Int("max-template-depth") + // set the max template depth using provided configuration (max of 5) + client.TemplateDepth = util.MinInt(c.Int("max-template-depth"), 5) // execute the exec call for the pipeline configuration // diff --git a/command/pipeline/validate.go b/command/pipeline/validate.go index 27af3f91..eb4ead72 100644 --- a/command/pipeline/validate.go +++ b/command/pipeline/validate.go @@ -12,8 +12,10 @@ import ( "github.com/go-vela/cli/internal" "github.com/go-vela/cli/internal/client" "github.com/go-vela/types/constants" + "github.com/sirupsen/logrus" "github.com/go-vela/server/compiler/native" + "github.com/go-vela/server/util" "github.com/urfave/cli/v2" ) 
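Review bot: The cap in `exec` is the literal `5` in `util.MinInt(c.Int("max-template-depth"), 5)`, the same literal is repeated in command/pipeline/validate.go, and a request above it is lowered without any message. The flag's `Usage` still reads "set the maximum depth for nested templates", so a user who passes 10 has no way to learn that 5 was used. I would name the limit once, for example `const maxTemplateDepth = 5`, mention it in the usage string (`"set the maximum depth for nested templates (capped at 5)"`), and log when the requested value is reduced. The body of `exec` continues outside the hunk.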
@@ -191,13 +193,16 @@ func validate(c *cli.Context) error { return err } - // set the max template depth using provided configuration - client.TemplateDepth = c.Int("max-template-depth") - // set when user is sourcing templates from local machine if len(p.TemplateFiles) != 0 { client.WithLocal(true) client.WithLocalTemplates(p.TemplateFiles) + client.TemplateDepth = c.Int("max-template-depth") + } else { + // set max template depth to 3 if local templates are not provided. + // This prevents users from spamming SCM + client.TemplateDepth = util.MinInt(c.Int("max-template-depth"), 5) + logrus.Debugf("no local template files provided, setting max template depth to %d", client.TemplateDepth) } // execute the validate local call for the pipeline configuration From 48cc7aff304517780e39a3c13c0651a052a8cf49 Mon Sep 17 00:00:00 2001 From: ecrupper Date: Thu, 27 Jul 2023 09:10:34 -0500 Subject: [PATCH 4/4] fix comment --- command/pipeline/validate.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/command/pipeline/validate.go b/command/pipeline/validate.go index eb4ead72..40a16468 100644 --- a/command/pipeline/validate.go +++ b/command/pipeline/validate.go @@ -199,7 +199,7 @@ func validate(c *cli.Context) error { client.WithLocalTemplates(p.TemplateFiles) client.TemplateDepth = c.Int("max-template-depth") } else { - // set max template depth to 3 if local templates are not provided. + // set max template depth to minimum of 5 and provided value if local templates are not provided. // This prevents users from spamming SCM client.TemplateDepth = util.MinInt(c.Int("max-template-depth"), 5) logrus.Debugf("no local template files provided, setting max template depth to %d", client.TemplateDepth)
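Review bot: The `if len(p.TemplateFiles) != 0` branch assigns `c.Int("max-template-depth")` to `client.TemplateDepth` with no cap, so supplying any one `--template-file` lifts the limit that the `else` branch applies to protect the SCM. Whether `client.WithLocal(true)` stops every remote template fetch is not visible in this hunk; if a pipeline can mix local and remote templates, the nested lookups still go to the SCM at whatever depth the user asked for. Unless the compiler guarantees local-only resolution, use the capped value in both branches, `client.TemplateDepth = util.MinInt(c.Int("max-template-depth"), 5)`, or add a comment stating why the local case is exempt. The body of `validate` continues outside the hunk.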